Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-1650 (GCVE-0-2022-1650)
Vulnerability from cvelistv5 – Published: 2022-05-12 00:00 – Updated: 2024-08-03 00:10
VLAI?
EPSS
Title
Improper Removal of Sensitive Information Before Storage or Transfer in eventsource/eventsource
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
Severity ?
8.1 (High)
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| eventsource | eventsource/eventsource |
Affected:
v2.0.0 , < unspecified
(custom)
Affected: unspecified , < v2.0.2 (custom) Affected: unspecified , ≤ v1.1.0 (custom) Unaffected: v1.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3235-1] node-eventsource security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eventsource/eventsource",
"vendor": "eventsource",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.0.0",
"versionType": "custom"
},
{
"lessThan": "v2.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "v1.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\u003c/p\u003e"
}
],
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:39:40.475Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3235-1] node-eventsource security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
}
],
"source": {
"advisory": "dc9e467f-be5d-4945-867d-1044d27e9b8e",
"discovery": "EXTERNAL"
},
"title": "Improper Removal of Sensitive Information Before Storage or Transfer in eventsource/eventsource",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1650",
"datePublished": "2022-05-12T00:00:00",
"dateReserved": "2022-05-10T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eventsource:eventsource:*:*:*:*:node.js:*:*:*\", \"versionEndExcluding\": \"1.1.1\", \"matchCriteriaId\": \"7AC35E5D-57F8-4BF5-A812-C02E420D30C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eventsource:eventsource:*:*:*:*:node.js:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"2.0.2\", \"matchCriteriaId\": \"AF673C3C-2DB2-4915-8520-09E33629D98E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Una Exposici\\u00f3n de Informaci\\u00f3n Confidencial a un Actor no Autorizado en el repositorio GitHub eventsource/eventsource versiones anteriores a v2.0.2\"}]",
"id": "CVE-2022-1650",
"lastModified": "2024-11-21T06:41:10.613",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.8}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2022-05-12T11:15:07.290",
"references": "[{\"url\": \"https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4\", \"source\": \"security@huntr.dev\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e\", \"source\": \"security@huntr.dev\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html\", \"source\": \"security@huntr.dev\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-212\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-212\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-1650\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2022-05-12T11:15:07.290\",\"lastModified\":\"2024-11-21T06:41:10.613\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Una Exposici\u00f3n de Informaci\u00f3n Confidencial a un Actor no Autorizado en el repositorio GitHub eventsource/eventsource versiones anteriores a v2.0.2\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.8}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-212\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-212\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eventsource:eventsource:*:*:*:*:node.js:*:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"7AC35E5D-57F8-4BF5-A812-C02E420D30C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eventsource:eventsource:*:*:*:*:node.js:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.2\",\"matchCriteriaId\":\"AF673C3C-2DB2-4915-8520-09E33629D98E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html\",\"source\":\"security@huntr.dev\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022:5030
Vulnerability from csaf_redhat - Published: 2022-06-14 14:46 - Updated: 2026-01-13 22:06Summary
Red Hat Security Advisory: Red Hat Fuse Online 7.10.2.P1 security update
Notes
Topic
A patch update (from 7.10.1 to 7.10.2.P1) is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.10.2.P1 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* google-oauth-client: Token signature not verified [fuse-7] (CVE-2021-22573)
* eventsource: Exposure of Sensitive Information [fuse-7] (CVE-2022-1650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A patch update (from 7.10.1 to 7.10.2.P1) is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.10.2.P1 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* google-oauth-client: Token signature not verified [fuse-7] (CVE-2021-22573)\n\n* eventsource: Exposure of Sensitive Information [fuse-7] (CVE-2022-1650)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:5030",
"url": "https://access.redhat.com/errata/RHSA-2022:5030"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2081879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081879"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5030.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse Online 7.10.2.P1 security update",
"tracking": {
"current_release_date": "2026-01-13T22:06:34+00:00",
"generator": {
"date": "2026-01-13T22:06:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2022:5030",
"initial_release_date": "2022-06-14T14:46:29+00:00",
"revision_history": [
{
"date": "2022-06-14T14:46:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-06-14T14:46:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:06:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse Online 7.10.2.P1",
"product": {
"name": "Red Hat Fuse Online 7.10.2.P1",
"product_id": "Red Hat Fuse Online 7.10.2.P1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22573",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-05-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2081879"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Google OAuth Java client\u0027s IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outside of their prescribed permissions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google-oauth-client: Token signature not verified",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse Online 7.10.2.P1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-22573"
},
{
"category": "external",
"summary": "RHBZ#2081879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081879"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22573"
},
{
"category": "external",
"summary": "https://github.com/googleapis/google-oauth-java-client/pull/872",
"url": "https://github.com/googleapis/google-oauth-java-client/pull/872"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-14T14:46:29+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
"product_ids": [
"Red Hat Fuse Online 7.10.2.P1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5030"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse Online 7.10.2.P1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google-oauth-client: Token signature not verified"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse Online 7.10.2.P1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-14T14:46:29+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
"product_ids": [
"Red Hat Fuse Online 7.10.2.P1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5030"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse Online 7.10.2.P1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
}
]
}
RHSA-2022_6429
Vulnerability from csaf_redhat - Published: 2022-09-13 00:58 - Updated: 2024-12-17 22:03Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.4 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
* nodejs-url-parse: authorization bypass through user-controlled key (CVE-2022-0512)
* npm-url-parse: Authorization bypass through user-controlled key (CVE-2022-0686)
* npm-url-parse: authorization bypass through user-controlled key (CVE-2022-0691)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
* nodejs-lodash: command injection via template (CVE-2021-23337)
* npm-url-parse: Authorization Bypass Through User-Controlled Key (CVE-2022-0639)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-url-parse: authorization bypass through user-controlled key (CVE-2022-0512)\n\n* npm-url-parse: Authorization bypass through user-controlled key (CVE-2022-0686)\n\n* npm-url-parse: authorization bypass through user-controlled key (CVE-2022-0691)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* npm-url-parse: Authorization Bypass Through User-Controlled Key (CVE-2022-0639)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6429",
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "external",
"summary": "2054663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054663"
},
{
"category": "external",
"summary": "2057442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057442"
},
{
"category": "external",
"summary": "2060018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060018"
},
{
"category": "external",
"summary": "2060020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060020"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6429.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T22:03:22+00:00",
"generator": {
"date": "2024-12-17T22:03:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:6429",
"initial_release_date": "2022-09-13T00:58:09+00:00",
"revision_history": [
{
"date": "2022-09-13T00:58:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-13T00:58:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:03:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.4-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.4-17"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.4-15"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.4-14"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.4-12"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.4-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28500",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928954"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28500"
},
{
"category": "external",
"summary": "RHBZ#1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions"
},
{
"cve": "CVE-2021-23337",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: command injection via template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable template function.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable template function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23337"
},
{
"category": "external",
"summary": "RHBZ#1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: command injection via template"
},
{
"cve": "CVE-2022-0512",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2054663"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass vulnerability was found in nodes-url-parse. This flaw allows a remote attacker with a basic user account to evade hostname verification by inserting the at symbol \"@\" at the end of the password field. This issue can allow entry to systems designed to block remote access and may not have additional defenses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-url-parse: authorization bypass through user-controlled key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0512"
},
{
"category": "external",
"summary": "RHBZ#2054663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054663"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0512"
}
],
"release_date": "2022-01-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-url-parse: authorization bypass through user-controlled key"
},
{
"cve": "CVE-2022-0639",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057442"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add an at symbol (@) while submitting a URL. This issue enables the bypass of validation or block-listing restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm-url-parse: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0639"
},
{
"category": "external",
"summary": "RHBZ#2057442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057442"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0639"
}
],
"release_date": "2022-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "npm-url-parse: Authorization Bypass Through User-Controlled Key"
},
{
"cve": "CVE-2022-0686",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060018"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass flaw was found in url-parse. While submitting a URL, a local unauthenticated attacker can add a trailing colon (:), but omit the port number. This issue enables an open redirect that allows the exposure of sensitive information or spamming of infrastructure outside the vulnerable server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm-url-parse: Authorization bypass through user-controlled key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0686"
},
{
"category": "external",
"summary": "RHBZ#2060018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0686",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0686"
}
],
"release_date": "2022-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "npm-url-parse: Authorization bypass through user-controlled key"
},
{
"cve": "CVE-2022-0691",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060020"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add a backspace character (\\b) while submitting a URL. This vulnerability can enable bypassing any hostname checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm-url-parse: authorization bypass through user-controlled key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0691"
},
{
"category": "external",
"summary": "RHBZ#2060020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0691"
}
],
"release_date": "2022-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "npm-url-parse: authorization bypass through user-controlled key"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
}
]
}
RHSA-2022_6057
Vulnerability from csaf_redhat - Published: 2022-08-15 09:04 - Updated: 2024-11-22 19:54Summary
Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
Security Fix(es):
* dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.\n\nSecurity Fix(es):\n\n* dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6057",
"url": "https://access.redhat.com/errata/RHSA-2022:6057"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2115183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6057.json"
}
],
"title": "Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T19:54:45+00:00",
"generator": {
"date": "2024-11-22T19:54:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:6057",
"initial_release_date": "2022-08-15T09:04:46+00:00",
"revision_history": [
{
"date": "2022-08-15T09:04:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-08-15T09:04:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:54:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-3.1@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1-source-built-artifacts@3.1.422-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet3.1-0:3.1.422-1.el8_6.src",
"product": {
"name": "dotnet3.1-0:3.1.422-1.el8_6.src",
"product_id": "dotnet3.1-0:3.1.422-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1@3.1.422-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-0:3.1.422-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src"
},
"product_reference": "dotnet3.1-0:3.1.422-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-0:3.1.422-1.el8_6.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src"
},
"product_reference": "dotnet3.1-0:3.1.422-1.el8_6.src",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-15T09:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-34716",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2115183"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: External Entity Injection during XML signature verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34716"
},
{
"category": "external",
"summary": "RHBZ#2115183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/232",
"url": "https://github.com/dotnet/announcements/issues/232"
}
],
"release_date": "2022-08-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-15T09:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: External Entity Injection during XML signature verification"
}
]
}
RHSA-2022_5030
Vulnerability from csaf_redhat - Published: 2022-06-14 14:46 - Updated: 2024-11-22 19:30Summary
Red Hat Security Advisory: Red Hat Fuse Online 7.10.2.P1 security update
Notes
Topic
A patch update (from 7.10.1 to 7.10.2.P1) is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.10.2.P1 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* google-oauth-client: Token signature not verified [fuse-7] (CVE-2021-22573)
* eventsource: Exposure of Sensitive Information [fuse-7] (CVE-2022-1650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A patch update (from 7.10.1 to 7.10.2.P1) is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.10.2.P1 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* google-oauth-client: Token signature not verified [fuse-7] (CVE-2021-22573)\n\n* eventsource: Exposure of Sensitive Information [fuse-7] (CVE-2022-1650)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:5030",
"url": "https://access.redhat.com/errata/RHSA-2022:5030"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2081879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081879"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5030.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse Online 7.10.2.P1 security update",
"tracking": {
"current_release_date": "2024-11-22T19:30:51+00:00",
"generator": {
"date": "2024-11-22T19:30:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:5030",
"initial_release_date": "2022-06-14T14:46:29+00:00",
"revision_history": [
{
"date": "2022-06-14T14:46:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-06-14T14:46:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:30:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse Online 7.10.2.P1",
"product": {
"name": "Red Hat Fuse Online 7.10.2.P1",
"product_id": "Red Hat Fuse Online 7.10.2.P1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22573",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-05-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2081879"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Google OAuth Java client\u0027s IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outside of their prescribed permissions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google-oauth-client: Token signature not verified",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse Online 7.10.2.P1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-22573"
},
{
"category": "external",
"summary": "RHBZ#2081879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081879"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22573"
},
{
"category": "external",
"summary": "https://github.com/googleapis/google-oauth-java-client/pull/872",
"url": "https://github.com/googleapis/google-oauth-java-client/pull/872"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-14T14:46:29+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
"product_ids": [
"Red Hat Fuse Online 7.10.2.P1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5030"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse Online 7.10.2.P1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google-oauth-client: Token signature not verified"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse Online 7.10.2.P1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-14T14:46:29+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
"product_ids": [
"Red Hat Fuse Online 7.10.2.P1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5030"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse Online 7.10.2.P1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
}
]
}
RHSA-2023_3642
Vulnerability from csaf_redhat - Published: 2023-06-15 15:59 - Updated: 2024-12-17 22:21Summary
Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update
Notes
Topic
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.
Security Fix(es):
* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* grafana: stored XSS vulnerability (CVE-2022-31097)
* grafana: OAuth account takeover (CVE-2022-31107)
* ramda: prototype poisoning (CVE-2021-42581)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)
* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* grafana: plugin signature bypass (CVE-2022-31123)
* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)
* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)
* grafana: using email as a username can block other users from signing in (CVE-2022-39229)
* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)
* grafana: User enumeration via forget password (CVE-2022-39307)
* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.\n\nSecurity Fix(es):\n\n* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* grafana: stored XSS vulnerability (CVE-2022-31097)\n\n* grafana: OAuth account takeover (CVE-2022-31107)\n\n* ramda: prototype poisoning (CVE-2021-42581)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)\n\n* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* grafana: plugin signature bypass (CVE-2022-31123)\n\n* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)\n\n* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)\n\n* grafana: using email as a username can block other users from signing in (CVE-2022-39229)\n\n* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)\n\n* grafana: User enumeration via forget password (CVE-2022-39307)\n\n* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3642",
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index"
},
{
"category": "external",
"summary": "2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "2168965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168965"
},
{
"category": "external",
"summary": "2174461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174461"
},
{
"category": "external",
"summary": "2174462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174462"
},
{
"category": "external",
"summary": "2186142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3642.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T22:21:21+00:00",
"generator": {
"date": "2024-12-17T22:21:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:3642",
"initial_release_date": "2023-06-15T15:59:41+00:00",
"revision_history": [
{
"date": "2023-06-15T15:59:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T15:59:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:21:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 6.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:6.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_id": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_id": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_id": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42581",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-05-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2083778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ramda: prototype poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are the application-ui container up to and including RHACM 2.4.4, 2.3.10 and 2.2.13 and grc-ui container up to and including RHACM 2.2.13 versions. However not any RHACM is affected in the kui-web-terminal container as is using already patched and not affected version, therefore we are not impacted in this particular component. In RHACM these components are behind OpenShift OAuth. This restricts access to the vulnerable ramda library to authenticated users only, therefore the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42581"
},
{
"category": "external",
"summary": "RHBZ#2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581"
},
{
"category": "external",
"summary": "https://github.com/ramda/ramda/pull/3192",
"url": "https://github.com/ramda/ramda/pull/3192"
}
],
"release_date": "2022-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ramda: prototype poisoning"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-21680",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082705"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression block.def may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21680"
},
{
"category": "external",
"summary": "RHBZ#2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression block.def may lead Denial of Service"
},
{
"cve": "CVE-2022-21681",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082706"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression inline.reflinkSearch may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21681"
},
{
"category": "external",
"summary": "RHBZ#2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression inline.reflinkSearch may lead Denial of Service"
},
{
"cve": "CVE-2022-23498",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167266"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user\u2019s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Use of Cache Containing Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23498"
},
{
"category": "external",
"summary": "RHBZ#2167266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8"
}
],
"release_date": "2023-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "To mitigate the vulnerability, disable the data source query caching for all data sources.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: Use of Cache Containing Sensitive Information"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-26148",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"discovery_date": "2022-03-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26148"
},
{
"category": "external",
"summary": "RHBZ#2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148"
}
],
"release_date": "2022-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-31097",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104365"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: stored XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31097"
},
{
"category": "external",
"summary": "RHBZ#2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Disable Unified alerting.\nhttps://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#unified_alerting",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: stored XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"HTTPVoid team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-31107",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: OAuth account takeover",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31107"
},
{
"category": "external",
"summary": "RHBZ#2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "As a workaround, it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: OAuth account takeover"
},
{
"cve": "CVE-2022-31123",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: plugin signature bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31123"
},
{
"category": "external",
"summary": "RHBZ#2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: plugin signature bypass"
},
{
"cve": "CVE-2022-31130",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131146"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana\u0027s use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user\u0027s authentication token, which could be used by an attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31130"
},
{
"category": "external",
"summary": "RHBZ#2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"cve": "CVE-2022-35957",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-09-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2125514"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Escalation from admin to server admin when auth proxy is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35957"
},
{
"category": "external",
"summary": "RHBZ#2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35957",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35957"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Escalation from admin to server admin when auth proxy is used"
},
{
"cve": "CVE-2022-39201",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131148"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39201"
},
{
"category": "external",
"summary": "RHBZ#2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins"
},
{
"cve": "CVE-2022-39229",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131149"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: using email as a username can block other users from signing in",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39229"
},
{
"category": "external",
"summary": "RHBZ#2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: using email as a username can block other users from signing in"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39306",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138014"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: email addresses and usernames cannot be trusted",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39306"
},
{
"category": "external",
"summary": "RHBZ#2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39306"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: email addresses and usernames cannot be trusted"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
]
}
],
"cve": "CVE-2022-39307",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138015"
}
],
"notes": [
{
"category": "description",
"text": "An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: User enumeration via forget password",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39307"
},
{
"category": "external",
"summary": "RHBZ#2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: User enumeration via forget password"
},
{
"acknowledgments": [
{
"names": [
"Grafana Security Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39324",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2022-11-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the \"Open original dashboard\" button.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Spoofing of the originalUrl parameter of snapshots",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Service Mesh containers include the Grafana RPM from RHEL and consume CVE fixes for Grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39324"
},
{
"category": "external",
"summary": "RHBZ#2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/",
"url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/"
}
],
"release_date": "2023-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Spoofing of the originalUrl parameter of snapshots"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41912",
"cwe": {
"id": "CWE-165",
"name": "Improper Neutralization of Multiple Internal Special Elements"
},
"discovery_date": "2022-11-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149181"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the Red Hat Advanced Cluster Management for Kubernetes (RHACM) acm-grafana container include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nThe OCP grafana-container includes the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nWhile Red Hat Ceph Storage 4\u0027s grafana-container includes the affected code, this is used for logging and limits access to the rest of the Ceph cluster. Thus the impact has been reduced from critical to important. Red Hat Ceph Storage 3 and 4 do not use crewjam/saml in their version of grafana.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41912"
},
{
"category": "external",
"summary": "RHBZ#2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912"
},
{
"category": "external",
"summary": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g",
"url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements"
}
]
}
RHBA-2022_5721
Vulnerability from csaf_redhat - Published: 2022-07-26 14:43 - Updated: 2024-11-22 18:58Summary
Red Hat Bug Fix Advisory: .NET 6.0 on RHEL 7 bugfix update
Notes
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Details
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 (BZ#2103267)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nBug Fix(es) and Enhancement(s):\n\n* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 (BZ#2103267)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:5721",
"url": "https://access.redhat.com/errata/RHBA-2022:5721"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_5721.json"
}
],
"title": "Red Hat Bug Fix Advisory: .NET 6.0 on RHEL 7 bugfix update",
"tracking": {
"current_release_date": "2024-11-22T18:58:24+00:00",
"generator": {
"date": "2024-11-22T18:58:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2022:5721",
"initial_release_date": "2022-07-26T14:43:04+00:00",
"revision_history": [
{
"date": "2022-07-26T14:43:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-26T14:43:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:58:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-aspnetcore-runtime-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-aspnetcore-targeting-pack-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-apphost-pack-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-host@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-hostfxr-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-runtime-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-sdk-6.0@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-targeting-pack-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-templates-6.0@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-netstandard-targeting-pack-2.1@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-debuginfo@6.0.107-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"product": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"product_id": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet@6.0.107-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-26T14:43:04+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:5721"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
}
]
}
RHSA-2022:5006
Vulnerability from csaf_redhat - Published: 2022-06-13 12:43 - Updated: 2026-01-30 03:04Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.1.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.1.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:5006",
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "OSSM-1609",
"url": "https://issues.redhat.com/browse/OSSM-1609"
},
{
"category": "external",
"summary": "OSSM-1617",
"url": "https://issues.redhat.com/browse/OSSM-1617"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5006.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update",
"tracking": {
"current_release_date": "2026-01-30T03:04:40+00:00",
"generator": {
"date": "2026-01-30T03:04:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:5006",
"initial_release_date": "2022-06-13T12:43:57+00:00",
"revision_history": [
{
"date": "2022-06-13T12:43:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-06-13T12:43:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-30T03:04:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Service Mesh 2.1",
"product": {
"name": "OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
}
]
}
RHSA-2022_5006
Vulnerability from csaf_redhat - Published: 2022-06-13 12:43 - Updated: 2024-12-17 21:57Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.1.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.1.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:5006",
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "OSSM-1609",
"url": "https://issues.redhat.com/browse/OSSM-1609"
},
{
"category": "external",
"summary": "OSSM-1617",
"url": "https://issues.redhat.com/browse/OSSM-1617"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5006.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update",
"tracking": {
"current_release_date": "2024-12-17T21:57:57+00:00",
"generator": {
"date": "2024-12-17T21:57:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:5006",
"initial_release_date": "2022-06-13T12:43:57+00:00",
"revision_history": [
{
"date": "2022-06-13T12:43:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-06-13T12:43:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:57:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Service Mesh 2.1",
"product": {
"name": "OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64",
"relates_to_product_reference": "8Base-OSSM-2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"known_not_affected": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-13T12:43:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le",
"8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
}
]
}
RHSA-2022_6156
Vulnerability from csaf_redhat - Published: 2022-08-24 13:45 - Updated: 2024-12-18 00:35Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
Notes
Topic
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)
* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\nThese updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6156",
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index",
"url": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index"
},
{
"category": "external",
"summary": "1937117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937117"
},
{
"category": "external",
"summary": "1947482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947482"
},
{
"category": "external",
"summary": "1973317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973317"
},
{
"category": "external",
"summary": "1996829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996829"
},
{
"category": "external",
"summary": "2004944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004944"
},
{
"category": "external",
"summary": "2027724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027724"
},
{
"category": "external",
"summary": "2029298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029298"
},
{
"category": "external",
"summary": "2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2047173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047173"
},
{
"category": "external",
"summary": "2050853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050853"
},
{
"category": "external",
"summary": "2050897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050897"
},
{
"category": "external",
"summary": "2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2056697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056697"
},
{
"category": "external",
"summary": "2058211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058211"
},
{
"category": "external",
"summary": "2060487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060487"
},
{
"category": "external",
"summary": "2060790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060790"
},
{
"category": "external",
"summary": "2061713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061713"
},
{
"category": "external",
"summary": "2063691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063691"
},
{
"category": "external",
"summary": "2064426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064426"
},
{
"category": "external",
"summary": "2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "2066514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066514"
},
{
"category": "external",
"summary": "2067079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067079"
},
{
"category": "external",
"summary": "2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "2067461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461"
},
{
"category": "external",
"summary": "2069314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069314"
},
{
"category": "external",
"summary": "2069319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069319"
},
{
"category": "external",
"summary": "2069812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069812"
},
{
"category": "external",
"summary": "2069815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069815"
},
{
"category": "external",
"summary": "2070542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070542"
},
{
"category": "external",
"summary": "2071494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071494"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2073920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073920"
},
{
"category": "external",
"summary": "2074810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074810"
},
{
"category": "external",
"summary": "2075426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075426"
},
{
"category": "external",
"summary": "2075581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075581"
},
{
"category": "external",
"summary": "2076457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076457"
},
{
"category": "external",
"summary": "2077242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077242"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2079866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079866"
},
{
"category": "external",
"summary": "2079873",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079873"
},
{
"category": "external",
"summary": "2080279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080279"
},
{
"category": "external",
"summary": "2081680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081680"
},
{
"category": "external",
"summary": "2082028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082028"
},
{
"category": "external",
"summary": "2082078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082078"
},
{
"category": "external",
"summary": "2082497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082497"
},
{
"category": "external",
"summary": "2083074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083074"
},
{
"category": "external",
"summary": "2083441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083441"
},
{
"category": "external",
"summary": "2083953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083953"
},
{
"category": "external",
"summary": "2083993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083993"
},
{
"category": "external",
"summary": "2084041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084041"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2084201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084201"
},
{
"category": "external",
"summary": "2084503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084503"
},
{
"category": "external",
"summary": "2084546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084546"
},
{
"category": "external",
"summary": "2084565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084565"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2085351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085351"
},
{
"category": "external",
"summary": "2085357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085357"
},
{
"category": "external",
"summary": "2086557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086557"
},
{
"category": "external",
"summary": "2086675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086675"
},
{
"category": "external",
"summary": "2086982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086982"
},
{
"category": "external",
"summary": "2086983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086983"
},
{
"category": "external",
"summary": "2087078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087078"
},
{
"category": "external",
"summary": "2087107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087107"
},
{
"category": "external",
"summary": "2087237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087237"
},
{
"category": "external",
"summary": "2087675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087675"
},
{
"category": "external",
"summary": "2087732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087732"
},
{
"category": "external",
"summary": "2087755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087755"
},
{
"category": "external",
"summary": "2088359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088359"
},
{
"category": "external",
"summary": "2088380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088380"
},
{
"category": "external",
"summary": "2088506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088506"
},
{
"category": "external",
"summary": "2088587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088587"
},
{
"category": "external",
"summary": "2089296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089296"
},
{
"category": "external",
"summary": "2089342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089342"
},
{
"category": "external",
"summary": "2089397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089397"
},
{
"category": "external",
"summary": "2089552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089552"
},
{
"category": "external",
"summary": "2089567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089567"
},
{
"category": "external",
"summary": "2089786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089786"
},
{
"category": "external",
"summary": "2089795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089795"
},
{
"category": "external",
"summary": "2089797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089797"
},
{
"category": "external",
"summary": "2090278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090278"
},
{
"category": "external",
"summary": "2090314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090314"
},
{
"category": "external",
"summary": "2090953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090953"
},
{
"category": "external",
"summary": "2091487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091487"
},
{
"category": "external",
"summary": "2091638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091638"
},
{
"category": "external",
"summary": "2091641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091641"
},
{
"category": "external",
"summary": "2091681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091681"
},
{
"category": "external",
"summary": "2091894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091894"
},
{
"category": "external",
"summary": "2091951",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091951"
},
{
"category": "external",
"summary": "2091998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091998"
},
{
"category": "external",
"summary": "2092143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092143"
},
{
"category": "external",
"summary": "2092217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092217"
},
{
"category": "external",
"summary": "2092220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092220"
},
{
"category": "external",
"summary": "2092349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092349"
},
{
"category": "external",
"summary": "2092372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092372"
},
{
"category": "external",
"summary": "2092400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092400"
},
{
"category": "external",
"summary": "2093266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093266"
},
{
"category": "external",
"summary": "2093848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093848"
},
{
"category": "external",
"summary": "2094179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094179"
},
{
"category": "external",
"summary": "2094853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094853"
},
{
"category": "external",
"summary": "2094856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094856"
},
{
"category": "external",
"summary": "2095155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095155"
},
{
"category": "external",
"summary": "2096209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096209"
},
{
"category": "external",
"summary": "2096414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096414"
},
{
"category": "external",
"summary": "2096509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096509"
},
{
"category": "external",
"summary": "2096513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096513"
},
{
"category": "external",
"summary": "2096823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096823"
},
{
"category": "external",
"summary": "2096937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096937"
},
{
"category": "external",
"summary": "2097216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097216"
},
{
"category": "external",
"summary": "2097287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097287"
},
{
"category": "external",
"summary": "2097305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097305"
},
{
"category": "external",
"summary": "2098121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098121"
},
{
"category": "external",
"summary": "2098261",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098261"
},
{
"category": "external",
"summary": "2098536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098536"
},
{
"category": "external",
"summary": "2099265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099265"
},
{
"category": "external",
"summary": "2099581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099581"
},
{
"category": "external",
"summary": "2099609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099609"
},
{
"category": "external",
"summary": "2099646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099646"
},
{
"category": "external",
"summary": "2099660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099660"
},
{
"category": "external",
"summary": "2099724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099724"
},
{
"category": "external",
"summary": "2099965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099965"
},
{
"category": "external",
"summary": "2100326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100326"
},
{
"category": "external",
"summary": "2100352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100352"
},
{
"category": "external",
"summary": "2100946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100946"
},
{
"category": "external",
"summary": "2101139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101139"
},
{
"category": "external",
"summary": "2101380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101380"
},
{
"category": "external",
"summary": "2103818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103818"
},
{
"category": "external",
"summary": "2104833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104833"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6156.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
"tracking": {
"current_release_date": "2024-12-18T00:35:07+00:00",
"generator": {
"date": "2024-12-18T00:35:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:6156",
"initial_release_date": "2022-08-24T13:45:52+00:00",
"revision_history": [
{
"date": "2022-08-24T13:45:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-08-24T13:45:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T00:35:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHODF 4.11 for RHEL 8",
"product": {
"name": "RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"product_id": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"product_id": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"product_id": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"product_id": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"product_id": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"product_id": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"product": {
"name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"product_id": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"product": {
"name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"product_id": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"product_id": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"product_id": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"product_id": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"product_id": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a?arch=s390x\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"product_id": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"product_id": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"product_id": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"product_id": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"product_id": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"product_id": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"product": {
"name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"product_id": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"product": {
"name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"product_id": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"product_id": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"product_id": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"product_id": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"product_id": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"product_id": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"product_id": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"product_id": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"product_id": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"product_id": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"product_id": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"product": {
"name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"product_id": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"product": {
"name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"product_id": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"product_id": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"product_id": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"product_id": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"product_id": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319?arch=amd64\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64"
},
"product_reference": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le"
},
"product_reference": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
},
"product_reference": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le"
},
"product_reference": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64"
},
"product_reference": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x"
},
"product_reference": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23440",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2021-09-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004944"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or _proto_ payloads. This vulnerability can impact data confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-set-value: type confusion allows bypass of CVE-2019-10747",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23440"
},
{
"category": "external",
"summary": "RHBZ#2004944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004944"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23440",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23440"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-4jqc-8m5r-9rpr",
"url": "https://github.com/advisories/GHSA-4jqc-8m5r-9rpr"
}
],
"release_date": "2021-09-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-set-value: type confusion allows bypass of CVE-2019-10747"
},
{
"cve": "CVE-2021-23566",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-02-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nanoid library where the valueOf() function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: Information disclosure via valueOf() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23566"
},
{
"category": "external",
"summary": "RHBZ#2050853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2"
}
],
"release_date": "2022-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: Information disclosure via valueOf() function"
},
{
"cve": "CVE-2022-0235",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2022-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044591"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-fetch: exposure of sensitive information to an unauthorized actor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0235"
},
{
"category": "external",
"summary": "RHBZ#2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
"url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-fetch: exposure of sensitive information to an unauthorized actor"
},
{
"cve": "CVE-2022-0536",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-02-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053259"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0536"
},
{
"category": "external",
"summary": "RHBZ#2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536"
}
],
"release_date": "2022-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24771",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestAlgorithm structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24771"
},
{
"category": "external",
"summary": "RHBZ#2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery"
},
{
"cve": "CVE-2022-24772",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestInfo ASN.1 structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24772"
},
{
"category": "external",
"summary": "RHBZ#2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery"
},
{
"cve": "CVE-2022-24773",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067461"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge library when verifying the signature on the ASN.1 structure in RSA PKCS#1 v1.5. This flaw allows an attacker to obtain successful verification for invalid DigestInfo structure, affecting the integrity of the attacked resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification leniency in checking `DigestInfo` structure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24773"
},
{
"category": "external",
"summary": "RHBZ#2067461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: Signature verification leniency in checking `DigestInfo` structure"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064857"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp: stack exhaustion via a deeply nested expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24921"
},
{
"category": "external",
"summary": "RHBZ#2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
"url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp: stack exhaustion via a deeply nested expression"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-29810",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2022-04-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29810"
},
{
"category": "external",
"summary": "RHBZ#2080279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29810"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/438",
"url": "https://github.com/golang/vulndb/issues/438"
}
],
"release_date": "2022-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
}
]
}
RHSA-2022:6156
Vulnerability from csaf_redhat - Published: 2022-08-24 13:45 - Updated: 2026-01-30 03:05Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
Notes
Topic
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)
* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\nThese updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6156",
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index",
"url": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index"
},
{
"category": "external",
"summary": "1937117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937117"
},
{
"category": "external",
"summary": "1947482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947482"
},
{
"category": "external",
"summary": "1973317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973317"
},
{
"category": "external",
"summary": "1996829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996829"
},
{
"category": "external",
"summary": "2004944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004944"
},
{
"category": "external",
"summary": "2027724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027724"
},
{
"category": "external",
"summary": "2029298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029298"
},
{
"category": "external",
"summary": "2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2047173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047173"
},
{
"category": "external",
"summary": "2050853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050853"
},
{
"category": "external",
"summary": "2050897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050897"
},
{
"category": "external",
"summary": "2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2056697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056697"
},
{
"category": "external",
"summary": "2058211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058211"
},
{
"category": "external",
"summary": "2060487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060487"
},
{
"category": "external",
"summary": "2060790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060790"
},
{
"category": "external",
"summary": "2061713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061713"
},
{
"category": "external",
"summary": "2063691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063691"
},
{
"category": "external",
"summary": "2064426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064426"
},
{
"category": "external",
"summary": "2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "2066514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066514"
},
{
"category": "external",
"summary": "2067079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067079"
},
{
"category": "external",
"summary": "2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "2067461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461"
},
{
"category": "external",
"summary": "2069314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069314"
},
{
"category": "external",
"summary": "2069319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069319"
},
{
"category": "external",
"summary": "2069812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069812"
},
{
"category": "external",
"summary": "2069815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069815"
},
{
"category": "external",
"summary": "2070542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070542"
},
{
"category": "external",
"summary": "2071494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071494"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2073920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073920"
},
{
"category": "external",
"summary": "2074810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074810"
},
{
"category": "external",
"summary": "2075426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075426"
},
{
"category": "external",
"summary": "2075581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075581"
},
{
"category": "external",
"summary": "2076457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076457"
},
{
"category": "external",
"summary": "2077242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077242"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2079866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079866"
},
{
"category": "external",
"summary": "2079873",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079873"
},
{
"category": "external",
"summary": "2080279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080279"
},
{
"category": "external",
"summary": "2081680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081680"
},
{
"category": "external",
"summary": "2082028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082028"
},
{
"category": "external",
"summary": "2082078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082078"
},
{
"category": "external",
"summary": "2082497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082497"
},
{
"category": "external",
"summary": "2083074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083074"
},
{
"category": "external",
"summary": "2083441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083441"
},
{
"category": "external",
"summary": "2083953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083953"
},
{
"category": "external",
"summary": "2083993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083993"
},
{
"category": "external",
"summary": "2084041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084041"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2084201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084201"
},
{
"category": "external",
"summary": "2084503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084503"
},
{
"category": "external",
"summary": "2084546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084546"
},
{
"category": "external",
"summary": "2084565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084565"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2085351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085351"
},
{
"category": "external",
"summary": "2085357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085357"
},
{
"category": "external",
"summary": "2086557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086557"
},
{
"category": "external",
"summary": "2086675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086675"
},
{
"category": "external",
"summary": "2086982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086982"
},
{
"category": "external",
"summary": "2086983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086983"
},
{
"category": "external",
"summary": "2087078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087078"
},
{
"category": "external",
"summary": "2087107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087107"
},
{
"category": "external",
"summary": "2087237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087237"
},
{
"category": "external",
"summary": "2087675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087675"
},
{
"category": "external",
"summary": "2087732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087732"
},
{
"category": "external",
"summary": "2087755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087755"
},
{
"category": "external",
"summary": "2088359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088359"
},
{
"category": "external",
"summary": "2088380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088380"
},
{
"category": "external",
"summary": "2088506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088506"
},
{
"category": "external",
"summary": "2088587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088587"
},
{
"category": "external",
"summary": "2089296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089296"
},
{
"category": "external",
"summary": "2089342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089342"
},
{
"category": "external",
"summary": "2089397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089397"
},
{
"category": "external",
"summary": "2089552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089552"
},
{
"category": "external",
"summary": "2089567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089567"
},
{
"category": "external",
"summary": "2089786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089786"
},
{
"category": "external",
"summary": "2089795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089795"
},
{
"category": "external",
"summary": "2089797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089797"
},
{
"category": "external",
"summary": "2090278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090278"
},
{
"category": "external",
"summary": "2090314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090314"
},
{
"category": "external",
"summary": "2090953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090953"
},
{
"category": "external",
"summary": "2091487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091487"
},
{
"category": "external",
"summary": "2091638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091638"
},
{
"category": "external",
"summary": "2091641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091641"
},
{
"category": "external",
"summary": "2091681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091681"
},
{
"category": "external",
"summary": "2091894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091894"
},
{
"category": "external",
"summary": "2091951",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091951"
},
{
"category": "external",
"summary": "2091998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091998"
},
{
"category": "external",
"summary": "2092143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092143"
},
{
"category": "external",
"summary": "2092217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092217"
},
{
"category": "external",
"summary": "2092220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092220"
},
{
"category": "external",
"summary": "2092349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092349"
},
{
"category": "external",
"summary": "2092372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092372"
},
{
"category": "external",
"summary": "2092400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092400"
},
{
"category": "external",
"summary": "2093266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093266"
},
{
"category": "external",
"summary": "2093848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093848"
},
{
"category": "external",
"summary": "2094179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094179"
},
{
"category": "external",
"summary": "2094853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094853"
},
{
"category": "external",
"summary": "2094856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094856"
},
{
"category": "external",
"summary": "2095155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095155"
},
{
"category": "external",
"summary": "2096209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096209"
},
{
"category": "external",
"summary": "2096414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096414"
},
{
"category": "external",
"summary": "2096509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096509"
},
{
"category": "external",
"summary": "2096513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096513"
},
{
"category": "external",
"summary": "2096823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096823"
},
{
"category": "external",
"summary": "2096937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096937"
},
{
"category": "external",
"summary": "2097216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097216"
},
{
"category": "external",
"summary": "2097287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097287"
},
{
"category": "external",
"summary": "2097305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097305"
},
{
"category": "external",
"summary": "2098121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098121"
},
{
"category": "external",
"summary": "2098261",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098261"
},
{
"category": "external",
"summary": "2098536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098536"
},
{
"category": "external",
"summary": "2099265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099265"
},
{
"category": "external",
"summary": "2099581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099581"
},
{
"category": "external",
"summary": "2099609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099609"
},
{
"category": "external",
"summary": "2099646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099646"
},
{
"category": "external",
"summary": "2099660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099660"
},
{
"category": "external",
"summary": "2099724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099724"
},
{
"category": "external",
"summary": "2099965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099965"
},
{
"category": "external",
"summary": "2100326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100326"
},
{
"category": "external",
"summary": "2100352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100352"
},
{
"category": "external",
"summary": "2100946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100946"
},
{
"category": "external",
"summary": "2101139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101139"
},
{
"category": "external",
"summary": "2101380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101380"
},
{
"category": "external",
"summary": "2103818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103818"
},
{
"category": "external",
"summary": "2104833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104833"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6156.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
"tracking": {
"current_release_date": "2026-01-30T03:05:12+00:00",
"generator": {
"date": "2026-01-30T03:05:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:6156",
"initial_release_date": "2022-08-24T13:45:52+00:00",
"revision_history": [
{
"date": "2022-08-24T13:45:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-08-24T13:45:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-30T03:05:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHODF 4.11 for RHEL 8",
"product": {
"name": "RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"product_id": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"product_id": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"product_id": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"product_id": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"product_id": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"product_id": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"product": {
"name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"product_id": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"product": {
"name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"product_id": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"product_id": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"product_id": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"product_id": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"product_id": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a?arch=s390x\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"product_id": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"product_id": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"product_id": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"product_id": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"product_id": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"product_id": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"product": {
"name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"product_id": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"product": {
"name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"product_id": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"product_id": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"product_id": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"product_id": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"product_id": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"product_id": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"product_id": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"product_id": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"product_id": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"product_id": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"product_id": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"product": {
"name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"product_id": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"product": {
"name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"product_id": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"product_id": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"product_id": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"product_id": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"product_id": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319?arch=amd64\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64"
},
"product_reference": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le"
},
"product_reference": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
},
"product_reference": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le"
},
"product_reference": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64"
},
"product_reference": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x"
},
"product_reference": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"relates_to_product_reference": "8Base-RHODF-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64 as a component of RHODF 4.11 for RHEL 8",
"product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
"relates_to_product_reference": "8Base-RHODF-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23440",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2021-09-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004944"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or _proto_ payloads. This vulnerability can impact data confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-set-value: type confusion allows bypass of CVE-2019-10747",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23440"
},
{
"category": "external",
"summary": "RHBZ#2004944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004944"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23440",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23440"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-4jqc-8m5r-9rpr",
"url": "https://github.com/advisories/GHSA-4jqc-8m5r-9rpr"
}
],
"release_date": "2021-09-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-set-value: type confusion allows bypass of CVE-2019-10747"
},
{
"cve": "CVE-2021-23566",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-02-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nanoid library where the valueOf() function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: Information disclosure via valueOf() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23566"
},
{
"category": "external",
"summary": "RHBZ#2050853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2"
}
],
"release_date": "2022-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: Information disclosure via valueOf() function"
},
{
"cve": "CVE-2022-0235",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2022-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044591"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-fetch: exposure of sensitive information to an unauthorized actor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0235"
},
{
"category": "external",
"summary": "RHBZ#2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
"url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-fetch: exposure of sensitive information to an unauthorized actor"
},
{
"cve": "CVE-2022-0536",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-02-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053259"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0536"
},
{
"category": "external",
"summary": "RHBZ#2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536"
}
],
"release_date": "2022-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24771",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestAlgorithm structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24771"
},
{
"category": "external",
"summary": "RHBZ#2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery"
},
{
"cve": "CVE-2022-24772",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestInfo ASN.1 structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24772"
},
{
"category": "external",
"summary": "RHBZ#2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery"
},
{
"cve": "CVE-2022-24773",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067461"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge library when verifying the signature on the ASN.1 structure in RSA PKCS#1 v1.5. This flaw allows an attacker to obtain successful verification for invalid DigestInfo structure, affecting the integrity of the attacked resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification leniency in checking `DigestInfo` structure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24773"
},
{
"category": "external",
"summary": "RHBZ#2067461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: Signature verification leniency in checking `DigestInfo` structure"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064857"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp: stack exhaustion via a deeply nested expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24921"
},
{
"category": "external",
"summary": "RHBZ#2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
"url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp: stack exhaustion via a deeply nested expression"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-29810",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2022-04-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29810"
},
{
"category": "external",
"summary": "RHBZ#2080279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29810"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/438",
"url": "https://github.com/golang/vulndb/issues/438"
}
],
"release_date": "2022-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"known_not_affected": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-24T13:45:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
"8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
"8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
"8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
"8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
"8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
"8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
"8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
"8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
"8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
"8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
"8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
"8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
"8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
"8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
"8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
"8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
"8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
"8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
"8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
}
]
}
RHSA-2023:3642
Vulnerability from csaf_redhat - Published: 2023-06-15 15:59 - Updated: 2026-01-30 03:06Summary
Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update
Notes
Topic
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.
Security Fix(es):
* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* grafana: stored XSS vulnerability (CVE-2022-31097)
* grafana: OAuth account takeover (CVE-2022-31107)
* ramda: prototype poisoning (CVE-2021-42581)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)
* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* grafana: plugin signature bypass (CVE-2022-31123)
* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)
* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)
* grafana: using email as a username can block other users from signing in (CVE-2022-39229)
* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)
* grafana: User enumeration via forget password (CVE-2022-39307)
* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.\n\nSecurity Fix(es):\n\n* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* grafana: stored XSS vulnerability (CVE-2022-31097)\n\n* grafana: OAuth account takeover (CVE-2022-31107)\n\n* ramda: prototype poisoning (CVE-2021-42581)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)\n\n* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* grafana: plugin signature bypass (CVE-2022-31123)\n\n* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)\n\n* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)\n\n* grafana: using email as a username can block other users from signing in (CVE-2022-39229)\n\n* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)\n\n* grafana: User enumeration via forget password (CVE-2022-39307)\n\n* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3642",
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index"
},
{
"category": "external",
"summary": "2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "2168965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168965"
},
{
"category": "external",
"summary": "2174461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174461"
},
{
"category": "external",
"summary": "2174462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174462"
},
{
"category": "external",
"summary": "2186142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3642.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update",
"tracking": {
"current_release_date": "2026-01-30T03:06:24+00:00",
"generator": {
"date": "2026-01-30T03:06:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2023:3642",
"initial_release_date": "2023-06-15T15:59:41+00:00",
"revision_history": [
{
"date": "2023-06-15T15:59:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T15:59:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-30T03:06:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 6.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:6.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_id": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_id": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_id": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42581",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-05-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2083778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ramda: prototype poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are the application-ui container up to and including RHACM 2.4.4, 2.3.10 and 2.2.13 and grc-ui container up to and including RHACM 2.2.13 versions. However not any RHACM is affected in the kui-web-terminal container as is using already patched and not affected version, therefore we are not impacted in this particular component. In RHACM these components are behind OpenShift OAuth. This restricts access to the vulnerable ramda library to authenticated users only, therefore the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42581"
},
{
"category": "external",
"summary": "RHBZ#2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581"
},
{
"category": "external",
"summary": "https://github.com/ramda/ramda/pull/3192",
"url": "https://github.com/ramda/ramda/pull/3192"
}
],
"release_date": "2022-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ramda: prototype poisoning"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-21680",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082705"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression block.def may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21680"
},
{
"category": "external",
"summary": "RHBZ#2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression block.def may lead Denial of Service"
},
{
"cve": "CVE-2022-21681",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082706"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression inline.reflinkSearch may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21681"
},
{
"category": "external",
"summary": "RHBZ#2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression inline.reflinkSearch may lead Denial of Service"
},
{
"cve": "CVE-2022-23498",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167266"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user\u2019s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Use of Cache Containing Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23498"
},
{
"category": "external",
"summary": "RHBZ#2167266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8"
}
],
"release_date": "2023-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "To mitigate the vulnerability, disable the data source query caching for all data sources.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: Use of Cache Containing Sensitive Information"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-26148",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"discovery_date": "2022-03-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26148"
},
{
"category": "external",
"summary": "RHBZ#2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148"
}
],
"release_date": "2022-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-31097",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104365"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: stored XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31097"
},
{
"category": "external",
"summary": "RHBZ#2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Disable Unified alerting.\nhttps://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#unified_alerting",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: stored XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"HTTPVoid team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-31107",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: OAuth account takeover",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31107"
},
{
"category": "external",
"summary": "RHBZ#2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "As a workaround, it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: OAuth account takeover"
},
{
"cve": "CVE-2022-31123",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: plugin signature bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31123"
},
{
"category": "external",
"summary": "RHBZ#2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: plugin signature bypass"
},
{
"cve": "CVE-2022-31130",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131146"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana\u0027s use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user\u0027s authentication token, which could be used by an attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31130"
},
{
"category": "external",
"summary": "RHBZ#2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"cve": "CVE-2022-35957",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-09-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2125514"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Escalation from admin to server admin when auth proxy is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35957"
},
{
"category": "external",
"summary": "RHBZ#2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35957",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35957"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Escalation from admin to server admin when auth proxy is used"
},
{
"cve": "CVE-2022-39201",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131148"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39201"
},
{
"category": "external",
"summary": "RHBZ#2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins"
},
{
"cve": "CVE-2022-39229",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131149"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: using email as a username can block other users from signing in",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39229"
},
{
"category": "external",
"summary": "RHBZ#2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: using email as a username can block other users from signing in"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39306",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138014"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: email addresses and usernames cannot be trusted",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39306"
},
{
"category": "external",
"summary": "RHBZ#2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39306"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: email addresses and usernames cannot be trusted"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
]
}
],
"cve": "CVE-2022-39307",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138015"
}
],
"notes": [
{
"category": "description",
"text": "An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: User enumeration via forget password",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39307"
},
{
"category": "external",
"summary": "RHBZ#2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: User enumeration via forget password"
},
{
"acknowledgments": [
{
"names": [
"Grafana Security Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39324",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2022-11-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the \"Open original dashboard\" button.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Spoofing of the originalUrl parameter of snapshots",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Service Mesh containers include the Grafana RPM from RHEL and consume CVE fixes for Grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39324"
},
{
"category": "external",
"summary": "RHBZ#2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/",
"url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/"
}
],
"release_date": "2023-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Spoofing of the originalUrl parameter of snapshots"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41912",
"cwe": {
"id": "CWE-165",
"name": "Improper Neutralization of Multiple Internal Special Elements"
},
"discovery_date": "2022-11-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149181"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the Red Hat Advanced Cluster Management for Kubernetes (RHACM) acm-grafana container include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nThe OCP grafana-container includes the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nWhile Red Hat Ceph Storage 4\u0027s grafana-container includes the affected code, this is used for logging and limits access to the rest of the Ceph cluster. Thus the impact has been reduced from critical to important. Red Hat Ceph Storage 3 and 4 do not use crewjam/saml in their version of grafana.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41912"
},
{
"category": "external",
"summary": "RHBZ#2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912"
},
{
"category": "external",
"summary": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g",
"url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements"
}
]
}
RHBA-2022:5721
Vulnerability from csaf_redhat - Published: 2022-07-26 14:43 - Updated: 2026-01-13 22:06Summary
Red Hat Bug Fix Advisory: .NET 6.0 on RHEL 7 bugfix update
Notes
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Details
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 (BZ#2103267)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nBug Fix(es) and Enhancement(s):\n\n* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 (BZ#2103267)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:5721",
"url": "https://access.redhat.com/errata/RHBA-2022:5721"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_5721.json"
}
],
"title": "Red Hat Bug Fix Advisory: .NET 6.0 on RHEL 7 bugfix update",
"tracking": {
"current_release_date": "2026-01-13T22:06:33+00:00",
"generator": {
"date": "2026-01-13T22:06:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHBA-2022:5721",
"initial_release_date": "2022-07-26T14:43:04+00:00",
"revision_history": [
{
"date": "2022-07-26T14:43:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-26T14:43:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:06:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-aspnetcore-runtime-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-aspnetcore-targeting-pack-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-apphost-pack-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-host@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-hostfxr-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-runtime-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-sdk-6.0@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-targeting-pack-6.0@6.0.7-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-templates-6.0@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-netstandard-targeting-pack-2.1@6.0.107-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"product_id": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-debuginfo@6.0.107-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"product": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"product_id": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet60-dotnet@6.0.107-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-26T14:43:04+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:5721"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.src",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.7-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.107-1.el7_9.x86_64",
"7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.107-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
}
]
}
RHBA-2022_5749
Vulnerability from csaf_redhat - Published: 2022-07-28 10:19 - Updated: 2024-11-22 18:58Summary
Red Hat Bug Fix Advisory: .NET 6.0 bugfix update
Notes
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.
Details
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 [rhel-9.0.0.z] (BZ#2105398)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nBug Fix(es) and Enhancement(s):\n\n* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 [rhel-9.0.0.z] (BZ#2105398)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:5749",
"url": "https://access.redhat.com/errata/RHBA-2022:5749"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_5749.json"
}
],
"title": "Red Hat Bug Fix Advisory: .NET 6.0 bugfix update",
"tracking": {
"current_release_date": "2024-11-22T18:58:39+00:00",
"generator": {
"date": "2024-11-22T18:58:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2022:5749",
"initial_release_date": "2022-07-28T10:19:02+00:00",
"revision_history": [
{
"date": "2022-07-28T10:19:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-28T10:19:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:58:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet6.0-0:6.0.107-1.el9_0.src",
"product": {
"name": "dotnet6.0-0:6.0.107-1.el9_0.src",
"product_id": "dotnet6.0-0:6.0.107-1.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0@6.0.107-1.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-0:6.0.107-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src"
},
"product_reference": "dotnet6.0-0:6.0.107-1.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-0:6.0.107-1.el9_0.src as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src"
},
"product_reference": "dotnet6.0-0:6.0.107-1.el9_0.src",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-28T10:19:02+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:5749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
}
]
}
RHSA-2022_6037
Vulnerability from csaf_redhat - Published: 2022-08-10 10:17 - Updated: 2024-11-22 19:54Summary
Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
Security Fix(es):
* dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.\n\nSecurity Fix(es):\n\n* dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6037",
"url": "https://access.redhat.com/errata/RHSA-2022:6037"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2115183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6037.json"
}
],
"title": "Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T19:54:24+00:00",
"generator": {
"date": "2024-11-22T19:54:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:6037",
"initial_release_date": "2022-08-10T10:17:53+00:00",
"revision_history": [
{
"date": "2022-08-10T10:17:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-08-10T10:17:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:54:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.422-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"product": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"product_id": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.422-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T10:17:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6037"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-34716",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2115183"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: External Entity Injection during XML signature verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34716"
},
{
"category": "external",
"summary": "RHBZ#2115183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/232",
"url": "https://github.com/dotnet/announcements/issues/232"
}
],
"release_date": "2022-08-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T10:17:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6037"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: External Entity Injection during XML signature verification"
}
]
}
RHSA-2022:6429
Vulnerability from csaf_redhat - Published: 2022-09-13 00:58 - Updated: 2026-01-21 22:30Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.4 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
* nodejs-url-parse: authorization bypass through user-controlled key (CVE-2022-0512)
* npm-url-parse: Authorization bypass through user-controlled key (CVE-2022-0686)
* npm-url-parse: authorization bypass through user-controlled key (CVE-2022-0691)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
* nodejs-lodash: command injection via template (CVE-2021-23337)
* npm-url-parse: Authorization Bypass Through User-Controlled Key (CVE-2022-0639)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-url-parse: authorization bypass through user-controlled key (CVE-2022-0512)\n\n* npm-url-parse: Authorization bypass through user-controlled key (CVE-2022-0686)\n\n* npm-url-parse: authorization bypass through user-controlled key (CVE-2022-0691)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* npm-url-parse: Authorization Bypass Through User-Controlled Key (CVE-2022-0639)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6429",
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "external",
"summary": "2054663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054663"
},
{
"category": "external",
"summary": "2057442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057442"
},
{
"category": "external",
"summary": "2060018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060018"
},
{
"category": "external",
"summary": "2060020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060020"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6429.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update",
"tracking": {
"current_release_date": "2026-01-21T22:30:34+00:00",
"generator": {
"date": "2026-01-21T22:30:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2022:6429",
"initial_release_date": "2022-09-13T00:58:09+00:00",
"revision_history": [
{
"date": "2022-09-13T00:58:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-13T00:58:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-21T22:30:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.4-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.4-17"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.4-15"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.4-14"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.4-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.4-12"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.4-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.4-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28500",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928954"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28500"
},
{
"category": "external",
"summary": "RHBZ#1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions"
},
{
"cve": "CVE-2021-23337",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: command injection via template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable template function.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable template function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23337"
},
{
"category": "external",
"summary": "RHBZ#1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: command injection via template"
},
{
"cve": "CVE-2022-0512",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2054663"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass vulnerability was found in nodes-url-parse. This flaw allows a remote attacker with a basic user account to evade hostname verification by inserting the at symbol \"@\" at the end of the password field. This issue can allow entry to systems designed to block remote access and may not have additional defenses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-url-parse: authorization bypass through user-controlled key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0512"
},
{
"category": "external",
"summary": "RHBZ#2054663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054663"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0512"
}
],
"release_date": "2022-01-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-url-parse: authorization bypass through user-controlled key"
},
{
"cve": "CVE-2022-0639",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057442"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add an at symbol (@) while submitting a URL. This issue enables the bypass of validation or block-listing restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm-url-parse: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0639"
},
{
"category": "external",
"summary": "RHBZ#2057442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057442"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0639"
}
],
"release_date": "2022-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "npm-url-parse: Authorization Bypass Through User-Controlled Key"
},
{
"cve": "CVE-2022-0686",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060018"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass flaw was found in url-parse. While submitting a URL, a local unauthenticated attacker can add a trailing colon (:), but omit the port number. This issue enables an open redirect that allows the exposure of sensitive information or spamming of infrastructure outside the vulnerable server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm-url-parse: Authorization bypass through user-controlled key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0686"
},
{
"category": "external",
"summary": "RHBZ#2060018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0686",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0686"
}
],
"release_date": "2022-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "npm-url-parse: Authorization bypass through user-controlled key"
},
{
"cve": "CVE-2022-0691",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060020"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add a backspace character (\\b) while submitting a URL. This vulnerability can enable bypassing any hostname checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm-url-parse: authorization bypass through user-controlled key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0691"
},
{
"category": "external",
"summary": "RHBZ#2060020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0691"
}
],
"release_date": "2022-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "npm-url-parse: authorization bypass through user-controlled key"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-13T00:58:09+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6429"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:f7a1f30c7c41d792b0e10a08a70e838bd362db24eb80143276ae571f2476dad6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c786337243812d9fa8ea8f24532e43b82154d6d14bcdc8b3171b1156c0e7372e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:745e4c70067a4d9a4bdc300fa8cfe1809383a8a0f61d86c6c91f00d275c129b6_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:4fe298bde2e47e70c410c7256c996c69e961c80ca541b1f38f409c95050ce52e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:7eb8ceb9aa809e44a7c4aca7449c06ead2550855e0d1a924228acd1498af59f7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e2fbf4416b52c5a9fb9c7a9c5f5ed4f865e50114ab2241b3352dff018710a467_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3f7f986af79180370ff64404595adcf2852afc6bdf9405aad19095d539096c36_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0c476ff9c1bb0bb6afe5d93274d2ffa8f69eb93f1f240de2c0fe9c666f6c225f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0d8367d8e3d2babac920199a90aa93bc6c1de0f90ab0fbbef7c7b19df2556c18_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cf62dcc9b9a81bc3a7b13bb302f13ae891327e78f253a3eb7ee696911ab38561_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:7a64556b6cb9e84635f06bd0ec2c6294302229c53f4fb7d34f5e941ca84712ad_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:640a1c9bed3a04580cd47233d643d4c394a904be900698f6fa2d2a78223504f8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:afe5e71a36eba86c80351bf442cb8bfa58f494eda9757e7efc1db1229db55c7a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:dc25cf4cbda5e0087f30be64e5530c02d235ddc80ea13a0e867fe75874080242_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:f9bd87d58290e5f3761d44a9cb1da6c91fcd1ad0a11a8a62b59035d9d201eaf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:d9541b848e089cebc07bf69facedcedee470268ba9a7afd28644f797bfbae8a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:016aed43d06aff0c2beb7f47fa45982118c2f039693bcfd7fb94f4ba88eb845a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
}
]
}
RHSA-2022:6057
Vulnerability from csaf_redhat - Published: 2022-08-15 09:04 - Updated: 2026-01-13 22:06Summary
Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
Security Fix(es):
* dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.\n\nSecurity Fix(es):\n\n* dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6057",
"url": "https://access.redhat.com/errata/RHSA-2022:6057"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2115183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6057.json"
}
],
"title": "Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-01-13T22:06:38+00:00",
"generator": {
"date": "2026-01-13T22:06:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2022:6057",
"initial_release_date": "2022-08-15T09:04:46+00:00",
"revision_history": [
{
"date": "2022-08-15T09:04:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-08-15T09:04:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:06:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-3.1@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_id": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.28-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.422-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"product_id": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1-source-built-artifacts@3.1.422-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet3.1-0:3.1.422-1.el8_6.src",
"product": {
"name": "dotnet3.1-0:3.1.422-1.el8_6.src",
"product_id": "dotnet3.1-0:3.1.422-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1@3.1.422-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-0:3.1.422-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src"
},
"product_reference": "dotnet3.1-0:3.1.422-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64"
},
"product_reference": "dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-0:3.1.422-1.el8_6.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src"
},
"product_reference": "dotnet3.1-0:3.1.422-1.el8_6.src",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
},
"product_reference": "dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-15T09:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-34716",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2115183"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: External Entity Injection during XML signature verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34716"
},
{
"category": "external",
"summary": "RHBZ#2115183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/232",
"url": "https://github.com/dotnet/announcements/issues/232"
}
],
"release_date": "2022-08-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-15T09:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.28-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.422-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.422-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.422-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: External Entity Injection during XML signature verification"
}
]
}
RHSA-2022:6813
Vulnerability from csaf_redhat - Published: 2022-10-05 10:44 - Updated: 2026-01-29 15:31Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fix(es):
* chart.js: prototype pollution (CVE-2020-7746)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6813",
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2041833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833"
},
{
"category": "external",
"summary": "2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "2047200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200"
},
{
"category": "external",
"summary": "2047343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
},
{
"category": "external",
"summary": "2050863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2076133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2096966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966"
},
{
"category": "external",
"summary": "2103584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2107994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6813.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update",
"tracking": {
"current_release_date": "2026-01-29T15:31:11+00:00",
"generator": {
"date": "2026-01-29T15:31:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:6813",
"initial_release_date": "2022-10-05T10:44:49+00:00",
"revision_history": [
{
"date": "2022-10-05T10:44:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-05T10:44:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-29T15:31:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.1 async",
"product": {
"name": "RHPAM 7.13.1 async",
"product_id": "RHPAM 7.13.1 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7746",
"discovery_date": "2020-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2096966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object\u0027s keys that are being set are not checked, possibly allowing a prototype pollution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chart.js: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7746"
},
{
"category": "external",
"summary": "RHBZ#2096966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7746",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chart.js: prototype pollution"
},
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-23436",
"discovery_date": "2021-10-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041833"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution flaw was found in the Node.js immer module. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23436"
},
{
"category": "external",
"summary": "RHBZ#2041833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436"
}
],
"release_date": "2021-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2022-0235",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2022-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044591"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-fetch: exposure of sensitive information to an unauthorized actor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0235"
},
{
"category": "external",
"summary": "RHBZ#2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
"url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-fetch: exposure of sensitive information to an unauthorized actor"
},
{
"cve": "CVE-2022-0722",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2103584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0722"
},
{
"category": "external",
"summary": "RHBZ#2103584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226",
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
],
"release_date": "2022-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url"
},
{
"cve": "CVE-2022-1365",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2076133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1365"
},
{
"category": "external",
"summary": "RHBZ#2076133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/",
"url": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/"
}
],
"release_date": "2022-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor"
},
{
"acknowledgments": [
{
"names": [
"Paulino Calderon"
],
"organization": "Websec"
}
],
"cve": "CVE-2022-1415",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-12-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2065505"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "drools: unsafe data deserialization in StreamUtils",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1415"
},
{
"category": "external",
"summary": "RHBZ#2065505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415"
}
],
"release_date": "2022-10-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "drools: unsafe data deserialization in StreamUtils"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-2458",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2022-07-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107994"
}
],
"notes": [
{
"category": "description",
"text": "An XML external entity injection(XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application\u0027s processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Business-central: Possible XML External Entity Injection attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2458"
},
{
"category": "external",
"summary": "RHBZ#2107994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2458"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458"
}
],
"release_date": "2022-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Business-central: Possible XML External Entity Injection attack"
},
{
"cve": "CVE-2022-21363",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2047343"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21363"
},
{
"category": "external",
"summary": "RHBZ#2047343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors"
},
{
"cve": "CVE-2022-21724",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"discovery_date": "2022-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050863"
}
],
"notes": [
{
"category": "description",
"text": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21724"
},
{
"category": "external",
"summary": "RHBZ#2050863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4",
"url": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes"
},
{
"acknowledgments": [
{
"names": [
"Sergey Temnikov",
"Ziyi Luo"
],
"organization": "Amazon Corretto",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-23437",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2047200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xerces-j2: infinite loop when handling specially crafted XML document payloads",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23437"
},
{
"category": "external",
"summary": "RHBZ#2047200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437"
}
],
"release_date": "2022-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xerces-j2: infinite loop when handling specially crafted XML document payloads"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24771",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestAlgorithm structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24771"
},
{
"category": "external",
"summary": "RHBZ#2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery"
},
{
"cve": "CVE-2022-24772",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestInfo ASN.1 structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24772"
},
{
"category": "external",
"summary": "RHBZ#2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-26520",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2022-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064007"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql-jdbc: Arbitrary File Write Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat informs that although there\u0027s a difference from NVD CVSSv3 score there\u0027s a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it\u0027s needed. This require non-default configuration and also it\u0027s not expected to allow an untrusted user to perform this kind of setting.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26520"
},
{
"category": "external",
"summary": "RHBZ#2064007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql-jdbc: Arbitrary File Write Vulnerability"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
}
]
}
RHBA-2022:5747
Vulnerability from csaf_redhat - Published: 2022-07-28 10:19 - Updated: 2026-01-13 22:06Summary
Red Hat Bug Fix Advisory: .NET 6.0 bugfix update
Notes
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.
Details
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 [rhel-8.6.0.z] (BZ#2105397)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nBug Fix(es) and Enhancement(s):\n\n* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 [rhel-8.6.0.z] (BZ#2105397)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:5747",
"url": "https://access.redhat.com/errata/RHBA-2022:5747"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_5747.json"
}
],
"title": "Red Hat Bug Fix Advisory: .NET 6.0 bugfix update",
"tracking": {
"current_release_date": "2026-01-13T22:06:33+00:00",
"generator": {
"date": "2026-01-13T22:06:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHBA-2022:5747",
"initial_release_date": "2022-07-28T10:19:12+00:00",
"revision_history": [
{
"date": "2022-07-28T10:19:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-28T10:19:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:06:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet6.0-0:6.0.107-1.el8_6.src",
"product": {
"name": "dotnet6.0-0:6.0.107-1.el8_6.src",
"product_id": "dotnet6.0-0:6.0.107-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0@6.0.107-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-0:6.0.107-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src"
},
"product_reference": "dotnet6.0-0:6.0.107-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-0:6.0.107-1.el8_6.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src"
},
"product_reference": "dotnet6.0-0:6.0.107-1.el8_6.src",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-28T10:19:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:5747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
}
]
}
RHSA-2022:6037
Vulnerability from csaf_redhat - Published: 2022-08-10 10:17 - Updated: 2026-01-13 22:06Summary
Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
Security Fix(es):
* dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.\n\nSecurity Fix(es):\n\n* dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6037",
"url": "https://access.redhat.com/errata/RHSA-2022:6037"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2115183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6037.json"
}
],
"title": "Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-01-13T22:06:34+00:00",
"generator": {
"date": "2026-01-13T22:06:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2022:6037",
"initial_release_date": "2022-08-10T10:17:53+00:00",
"revision_history": [
{
"date": "2022-08-10T10:17:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-08-10T10:17:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:06:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.28-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.422-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.422-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"product": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"product_id": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.422-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T10:17:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6037"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-34716",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2115183"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: External Entity Injection during XML signature verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34716"
},
{
"category": "external",
"summary": "RHBZ#2115183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/232",
"url": "https://github.com/dotnet/announcements/issues/232"
}
],
"release_date": "2022-08-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T10:17:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6037"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.28-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.422-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.422-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: External Entity Injection during XML signature verification"
}
]
}
RHBA-2022:5749
Vulnerability from csaf_redhat - Published: 2022-07-28 10:19 - Updated: 2026-01-13 22:06Summary
Red Hat Bug Fix Advisory: .NET 6.0 bugfix update
Notes
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.
Details
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 [rhel-9.0.0.z] (BZ#2105398)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nBug Fix(es) and Enhancement(s):\n\n* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 [rhel-9.0.0.z] (BZ#2105398)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:5749",
"url": "https://access.redhat.com/errata/RHBA-2022:5749"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_5749.json"
}
],
"title": "Red Hat Bug Fix Advisory: .NET 6.0 bugfix update",
"tracking": {
"current_release_date": "2026-01-13T22:06:33+00:00",
"generator": {
"date": "2026-01-13T22:06:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHBA-2022:5749",
"initial_release_date": "2022-07-28T10:19:02+00:00",
"revision_history": [
{
"date": "2022-07-28T10:19:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-28T10:19:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:06:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet6.0-0:6.0.107-1.el9_0.src",
"product": {
"name": "dotnet6.0-0:6.0.107-1.el9_0.src",
"product_id": "dotnet6.0-0:6.0.107-1.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0@6.0.107-1.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-0:6.0.107-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src"
},
"product_reference": "dotnet6.0-0:6.0.107-1.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-0:6.0.107-1.el9_0.src as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src"
},
"product_reference": "dotnet6.0-0:6.0.107-1.el9_0.src",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-28T10:19:02+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:5749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el9_0.src",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el9_0.x86_64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.aarch64",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.s390x",
"CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
}
]
}
RHSA-2022_6813
Vulnerability from csaf_redhat - Published: 2022-10-05 10:44 - Updated: 2024-12-18 00:36Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fix(es):
* chart.js: prototype pollution (CVE-2020-7746)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6813",
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2041833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833"
},
{
"category": "external",
"summary": "2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "2047200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200"
},
{
"category": "external",
"summary": "2047343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
},
{
"category": "external",
"summary": "2050863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2076133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2096966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966"
},
{
"category": "external",
"summary": "2103584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2107994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6813.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update",
"tracking": {
"current_release_date": "2024-12-18T00:36:53+00:00",
"generator": {
"date": "2024-12-18T00:36:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:6813",
"initial_release_date": "2022-10-05T10:44:49+00:00",
"revision_history": [
{
"date": "2022-10-05T10:44:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-05T10:44:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T00:36:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.1 async",
"product": {
"name": "RHPAM 7.13.1 async",
"product_id": "RHPAM 7.13.1 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7746",
"discovery_date": "2020-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2096966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object\u0027s keys that are being set are not checked, possibly allowing a prototype pollution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chart.js: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7746"
},
{
"category": "external",
"summary": "RHBZ#2096966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7746",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chart.js: prototype pollution"
},
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-23436",
"discovery_date": "2021-10-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041833"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution flaw was found in the Node.js immer module. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23436"
},
{
"category": "external",
"summary": "RHBZ#2041833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436"
}
],
"release_date": "2021-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2022-0235",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2022-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044591"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-fetch: exposure of sensitive information to an unauthorized actor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0235"
},
{
"category": "external",
"summary": "RHBZ#2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
"url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-fetch: exposure of sensitive information to an unauthorized actor"
},
{
"cve": "CVE-2022-0722",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2103584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0722"
},
{
"category": "external",
"summary": "RHBZ#2103584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226",
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
],
"release_date": "2022-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url"
},
{
"cve": "CVE-2022-1365",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2076133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1365"
},
{
"category": "external",
"summary": "RHBZ#2076133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/",
"url": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/"
}
],
"release_date": "2022-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor"
},
{
"acknowledgments": [
{
"names": [
"Paulino Calderon"
],
"organization": "Websec"
}
],
"cve": "CVE-2022-1415",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-12-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2065505"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "drools: unsafe data deserialization in StreamUtils",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1415"
},
{
"category": "external",
"summary": "RHBZ#2065505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415"
}
],
"release_date": "2022-10-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "drools: unsafe data deserialization in StreamUtils"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-2458",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2022-07-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107994"
}
],
"notes": [
{
"category": "description",
"text": "An XML external entity injection(XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application\u0027s processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Business-central: Possible XML External Entity Injection attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2458"
},
{
"category": "external",
"summary": "RHBZ#2107994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2458"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458"
}
],
"release_date": "2022-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Business-central: Possible XML External Entity Injection attack"
},
{
"cve": "CVE-2022-21363",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2047343"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21363"
},
{
"category": "external",
"summary": "RHBZ#2047343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors"
},
{
"cve": "CVE-2022-21724",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"discovery_date": "2022-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050863"
}
],
"notes": [
{
"category": "description",
"text": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21724"
},
{
"category": "external",
"summary": "RHBZ#2050863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4",
"url": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes"
},
{
"acknowledgments": [
{
"names": [
"Sergey Temnikov",
"Ziyi Luo"
],
"organization": "Amazon Corretto",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-23437",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2047200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xerces-j2: infinite loop when handling specially crafted XML document payloads",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23437"
},
{
"category": "external",
"summary": "RHBZ#2047200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437"
}
],
"release_date": "2022-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xerces-j2: infinite loop when handling specially crafted XML document payloads"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24771",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestAlgorithm structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24771"
},
{
"category": "external",
"summary": "RHBZ#2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery"
},
{
"cve": "CVE-2022-24772",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestInfo ASN.1 structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24772"
},
{
"category": "external",
"summary": "RHBZ#2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-26520",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2022-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064007"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql-jdbc: Arbitrary File Write Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat informs that although there\u0027s a difference from NVD CVSSv3 score there\u0027s a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it\u0027s needed. This require non-default configuration and also it\u0027s not expected to allow an untrusted user to perform this kind of setting.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26520"
},
{
"category": "external",
"summary": "RHBZ#2064007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql-jdbc: Arbitrary File Write Vulnerability"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
}
]
}
RHBA-2022_5747
Vulnerability from csaf_redhat - Published: 2022-07-28 10:19 - Updated: 2024-11-22 18:58Summary
Red Hat Bug Fix Advisory: .NET 6.0 bugfix update
Notes
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.
Details
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 [rhel-8.6.0.z] (BZ#2105397)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nBug Fix(es) and Enhancement(s):\n\n* Update .NET 6.0 to SDK 6.0.107 and Runtime 6.0.7 [rhel-8.6.0.z] (BZ#2105397)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:5747",
"url": "https://access.redhat.com/errata/RHBA-2022:5747"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_5747.json"
}
],
"title": "Red Hat Bug Fix Advisory: .NET 6.0 bugfix update",
"tracking": {
"current_release_date": "2024-11-22T18:58:31+00:00",
"generator": {
"date": "2024-11-22T18:58:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2022:5747",
"initial_release_date": "2022-07-28T10:19:12+00:00",
"revision_history": [
{
"date": "2022-07-28T10:19:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-28T10:19:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:58:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"product_id": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.7-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.107-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"product": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.107-1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet6.0-0:6.0.107-1.el8_6.src",
"product": {
"name": "dotnet6.0-0:6.0.107-1.el8_6.src",
"product_id": "dotnet6.0-0:6.0.107-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet6.0@6.0.107-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-0:6.0.107-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src"
},
"product_reference": "dotnet6.0-0:6.0.107-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-host-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64"
},
"product_reference": "dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-0:6.0.107-1.el8_6.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src"
},
"product_reference": "dotnet6.0-0:6.0.107-1.el8_6.src",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
},
"product_reference": "netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-28T10:19:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:5747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.7-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.107-1.el8_6.src",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.107-1.el8_6.x86_64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.aarch64",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.s390x",
"CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.107-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eventsource: Exposure of Sensitive Information"
}
]
}
RHSA-2022_7055
Vulnerability from csaf_redhat - Published: 2022-10-19 12:55 - Updated: 2024-12-18 00:37Summary
Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update
Notes
Topic
An update is now available for Red Hat Openshift distributed tracing 2.6.0
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat OpenShift distributed tracing provides these changes:
Security Fix(es):
* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Openshift distributed tracing 2.6.0\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat OpenShift distributed tracing provides these changes:\n\nSecurity Fix(es):\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7055",
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2024702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
},
{
"category": "external",
"summary": "2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7055.json"
}
],
"title": "Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update",
"tracking": {
"current_release_date": "2024-12-18T00:37:11+00:00",
"generator": {
"date": "2024-12-18T00:37:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:7055",
"initial_release_date": "2022-10-19T12:55:42+00:00",
"revision_history": [
{
"date": "2022-10-19T12:55:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-19T12:55:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T00:37:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 2.6",
"product": {
"name": "Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.60.0-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.60.0-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.60.0-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.60.0-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.60.0-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.60.0-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64 as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64 as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3918",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2021-11-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2024702"
}
],
"notes": [
{
"category": "description",
"text": "The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-json-schema: Prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "npm versions 8.0.0 and older provide a vulnerable version of the json-schema library. However, it is currently believed that in the context of npm, it is not possible to take advantage of the vulnerability.\n\nRed Hat Enterprise Linux version 8 and Software Collections provide a vulnerable version of the json-schema library only as embedded in the npm package. As a result, the severity of the incident has been lowered for these 2 products.\n\nRed Hat Quay includes json-schema as a development dependency of quay-registry-container. As a result, the impact rating has been lowered to Moderate.\n\nIn Red Hat OpenShift Container Platform (RHOCP), Red Hat Openshift Data Foundations (ODF), Red Hat distributed tracing, Migration Toolkit for Virtualization (MTV) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable json-schema library to authenticated users only, therefore the impact is reduced to Moderate.\n\nIn Red Hat Openshift Data Foundations (ODF) the odf4/mcg-core-rhel8 component has \"Will not fix status\", but starting from ODF 4.11 stream this component contains already patched version of the json-schema library. Earlier version of ODF are already under Maintenance Support phase, hence this vulnerability will not be fixed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3918"
},
{
"category": "external",
"summary": "RHBZ#2024702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918"
}
],
"release_date": "2021-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-json-schema: Prototype pollution vulnerability"
},
{
"cve": "CVE-2022-0536",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053259"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0536"
},
{
"category": "external",
"summary": "RHBZ#2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536"
}
],
"release_date": "2022-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
}
]
}
RHSA-2022:7055
Vulnerability from csaf_redhat - Published: 2022-10-19 12:55 - Updated: 2026-01-29 15:31Summary
Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update
Notes
Topic
An update is now available for Red Hat Openshift distributed tracing 2.6.0
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat OpenShift distributed tracing provides these changes:
Security Fix(es):
* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Openshift distributed tracing 2.6.0\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat OpenShift distributed tracing provides these changes:\n\nSecurity Fix(es):\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7055",
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2024702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
},
{
"category": "external",
"summary": "2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7055.json"
}
],
"title": "Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update",
"tracking": {
"current_release_date": "2026-01-29T15:31:14+00:00",
"generator": {
"date": "2026-01-29T15:31:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:7055",
"initial_release_date": "2022-10-19T12:55:42+00:00",
"revision_history": [
{
"date": "2022-10-19T12:55:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-19T12:55:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-29T15:31:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 2.6",
"product": {
"name": "Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.60.0-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.60.0-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.60.0-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.60.0-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.60.0-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.60.0-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64 as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64 as a component of Red Hat OpenShift distributed tracing 2.6",
"product_id": "8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3918",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2021-11-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2024702"
}
],
"notes": [
{
"category": "description",
"text": "The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-json-schema: Prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "npm versions 8.0.0 and older provide a vulnerable version of the json-schema library. However, it is currently believed that in the context of npm, it is not possible to take advantage of the vulnerability.\n\nRed Hat Enterprise Linux version 8 and Software Collections provide a vulnerable version of the json-schema library only as embedded in the npm package. As a result, the severity of the incident has been lowered for these 2 products.\n\nRed Hat Quay includes json-schema as a development dependency of quay-registry-container. As a result, the impact rating has been lowered to Moderate.\n\nIn Red Hat OpenShift Container Platform (RHOCP), Red Hat Openshift Data Foundations (ODF), Red Hat distributed tracing, Migration Toolkit for Virtualization (MTV) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable json-schema library to authenticated users only, therefore the impact is reduced to Moderate.\n\nIn Red Hat Openshift Data Foundations (ODF) the odf4/mcg-core-rhel8 component has \"Will not fix status\", but starting from ODF 4.11 stream this component contains already patched version of the json-schema library. Earlier version of ODF are already under Maintenance Support phase, hence this vulnerability will not be fixed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3918"
},
{
"category": "external",
"summary": "RHBZ#2024702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918"
}
],
"release_date": "2021-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-json-schema: Prototype pollution vulnerability"
},
{
"cve": "CVE-2022-0536",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053259"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0536"
},
{
"category": "external",
"summary": "RHBZ#2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536"
}
],
"release_date": "2022-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-19T12:55:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:19b497addaa9210f2b2048421a5a8ef1a8748bbb0884af10e23c59473dda544b_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:2089cab411ac3fc66784bacdf080ed6ff51d0a4450cc7f246915e96ed6cf8665_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-collector-rhel8@sha256:9bc1969a7862230282b9f8b902906e51cb0fdb3e3c368579a580eaccaacc7b03_amd64",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:3ed70e814b9458affbf3ad5057a741b9f453095220c6548e2bd2960a6cdf6314_s390x",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:6c35a77e6118ba050a01e0dd5f0f6cca20211ac513cb4d92ae4058f78459610d_ppc64le",
"8Base-RHOSDT-2.6:rhosdt/opentelemetry-rhel8-operator@sha256:74d8fed59e7ed6389bfbf08bd6279b035f18fddd82056f597e6d34ccbb99c865_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
}
]
}
GSD-2022-1650
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-1650",
"description": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.",
"id": "GSD-2022-1650",
"references": [
"https://access.redhat.com/errata/RHSA-2022:5006",
"https://access.redhat.com/errata/RHSA-2022:5030",
"https://access.redhat.com/errata/RHBA-2022:5721",
"https://access.redhat.com/errata/RHBA-2022:5747",
"https://access.redhat.com/errata/RHBA-2022:5749",
"https://access.redhat.com/errata/RHSA-2022:6037",
"https://access.redhat.com/errata/RHSA-2022:6057",
"https://access.redhat.com/errata/RHSA-2022:6156",
"https://access.redhat.com/errata/RHSA-2022:6429",
"https://access.redhat.com/errata/RHSA-2022:7055",
"https://access.redhat.com/errata/RHSA-2022:6813"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1650"
],
"details": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\n\n",
"id": "GSD-2022-1650",
"modified": "2023-12-13T01:19:28.053268Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eventsource/eventsource",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.0.0",
"versionType": "custom"
},
{
"lessThan": "v2.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "v1.1.1"
}
]
}
}
]
}
}
]
},
"vendor_name": "eventsource"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-212",
"lang": "eng",
"value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"name": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4",
"refsource": "MISC",
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
}
]
},
"source": {
"advisory": "dc9e467f-be5d-4945-867d-1044d27e9b8e",
"discovery": "EXTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.1.1||\u003e=2.0.0 \u003c2.0.2",
"affected_versions": "All versions before 1.1.1, all versions starting from 2.0.0 before 2.0.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-212",
"CWE-937"
],
"date": "2023-08-02",
"description": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.",
"fixed_versions": [
"1.1.1",
"2.0.2"
],
"identifier": "CVE-2022-1650",
"identifiers": [
"CVE-2022-1650",
"GHSA-6h5x-7c5m-7cr7"
],
"not_impacted": "All versions starting from 1.1.1 before 2.0.0, all versions starting from 2.0.2",
"package_slug": "npm/eventsource",
"pubdate": "2022-05-12",
"solution": "Upgrade to versions 1.1.1, 2.0.2 or above.",
"title": "Exposure of Sensitive Information to an Unauthorized Actor",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4",
"https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"https://github.com/advisories/GHSA-6h5x-7c5m-7cr7"
],
"uuid": "503509a0-ba05-494a-9833-502f10c72f21"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eventsource:eventsource:*:*:*:*:node.js:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eventsource:eventsource:*:*:*:*:node.js:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1650"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"name": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3235-1] node-eventsource security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8
}
},
"lastModifiedDate": "2023-08-02T09:15Z",
"publishedDate": "2022-05-12T11:15Z"
}
}
}
FKIE_CVE-2022-1650
Vulnerability from fkie_nvd - Published: 2022-05-12 11:15 - Updated: 2024-11-21 06:41
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| security@huntr.dev | https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eventsource | eventsource | * | |
| eventsource | eventsource | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eventsource:eventsource:*:*:*:*:node.js:*:*:*",
"matchCriteriaId": "7AC35E5D-57F8-4BF5-A812-C02E420D30C0",
"versionEndExcluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eventsource:eventsource:*:*:*:*:node.js:*:*:*",
"matchCriteriaId": "AF673C3C-2DB2-4915-8520-09E33629D98E",
"versionEndExcluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\n\n"
},
{
"lang": "es",
"value": "Una Exposici\u00f3n de Informaci\u00f3n Confidencial a un Actor no Autorizado en el repositorio GitHub eventsource/eventsource versiones anteriores a v2.0.2"
}
],
"id": "CVE-2022-1650",
"lastModified": "2024-11-21T06:41:10.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-12T11:15:07.290",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
WID-SEC-W-2022-0288
Vulnerability from csaf_certbund - Published: 2022-06-13 22:00 - Updated: 2025-05-04 22:00Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen, einen nicht näher spezifizierten Angriff durchzuführen, vertrauliche Informationen offenzulegen und Daten zu manipulieren.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren, vertrauliche Informationen offenzulegen und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0288 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0288.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0288 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0288"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-06-13",
"url": "https://access.redhat.com/errata/RHSA-2022:5003"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-06-13",
"url": "https://access.redhat.com/errata/RHSA-2022:5006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5030 vom 2022-06-14",
"url": "https://access.redhat.com/errata/RHSA-2022:5030"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5201 vom 2022-06-28",
"url": "https://access.redhat.com/errata/RHSA-2022:5201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5392 vom 2022-06-28",
"url": "https://access.redhat.com/errata/RHSA-2022:5392"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5337 vom 2022-07-01",
"url": "https://access.redhat.com/errata/RHSA-2022:5337"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5415 vom 2022-06-30",
"url": "https://access.redhat.com/errata/RHSA-2022:5415"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5004 vom 2022-07-04",
"url": "https://access.redhat.com/errata/RHSA-2022:5004"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-17956 vom 2022-07-15",
"url": "https://linux.oracle.com/errata/ELSA-2022-17956.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9588 vom 2022-07-12",
"url": "https://linux.oracle.com/errata/ELSA-2022-9588.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9589 vom 2022-07-12",
"url": "https://linux.oracle.com/errata/ELSA-2022-9589.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5840 vom 2022-08-02",
"url": "https://access.redhat.com/errata/RHSA-2022:5840"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5875 vom 2022-08-09",
"url": "https://access.redhat.com/errata/RHSA-2022:5875"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1830 vom 2022-08-08",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1830.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202208-02 vom 2022-08-09",
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6040 vom 2022-08-10",
"url": "https://access.redhat.com/errata/RHSA-2022:6040"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6042 vom 2022-08-10",
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5559-1 vom 2022-08-10",
"url": "https://ubuntu.com/security/notices/USN-5559-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5068 vom 2022-08-10",
"url": "https://access.redhat.com/errata/RHSA-2022:5068"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6094 vom 2022-08-24",
"url": "https://access.redhat.com/errata/RHSA-2022:6094"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6156 vom 2022-08-24",
"url": "https://access.redhat.com/errata/RHSA-2022:6156"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6155 vom 2022-08-24",
"url": "https://access.redhat.com/errata/RHSA-2022:6155"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6187 vom 2022-08-25",
"url": "https://access.redhat.com/errata/RHSA-2022:6187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6290 vom 2022-09-01",
"url": "https://access.redhat.com/errata/RHSA-2022:6290"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6277 vom 2022-09-01",
"url": "https://access.redhat.com/errata/RHSA-2022:6277"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6272 vom 2022-08-31",
"url": "https://access.redhat.com/errata/RHSA-2022:6272"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6152 vom 2022-09-01",
"url": "https://access.redhat.com/errata/RHSA-2022:6152"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9773 vom 2022-09-09",
"url": "https://linux.oracle.com/errata/ELSA-2022-9773.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9772 vom 2022-09-08",
"url": "https://linux.oracle.com/errata/ELSA-2022-9772.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6430 vom 2022-09-13",
"url": "https://access.redhat.com/errata/RHSA-2022:6430"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6714 vom 2022-09-26",
"url": "https://access.redhat.com/errata/RHSA-2022:6714"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9856 vom 2022-10-03",
"url": "https://linux.oracle.com/errata/ELSA-2022-9856.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6813 vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9853 vom 2022-10-06",
"url": "https://linux.oracle.com/errata/ELSA-2022-9853.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9854 vom 2022-10-05",
"url": "https://linux.oracle.com/errata/ELSA-2022-9854.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2DOCKER-2022-020 vom 2022-10-14",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-020.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7058 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7058"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1859 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1859.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1865 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1865.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1860 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1860.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1862 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1862.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1863 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1863.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1861 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1861.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1858 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1858.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1864 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1864.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-20 vom 2022-10-26",
"url": "https://www.tenable.com/security/tns-2022-20"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-10033 vom 2022-11-30",
"url": "https://linux.oracle.com/errata/ELSA-2022-10033.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-10036 vom 2022-11-29",
"url": "https://linux.oracle.com/errata/ELSA-2022-10036.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8750 vom 2022-12-02",
"url": "https://access.redhat.com/errata/RHSA-2022:8750"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-28 vom 2022-12-19",
"url": "https://www.tenable.com/security/tns-2022-28"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12013 vom 2023-01-11",
"url": "https://linux.oracle.com/errata/ELSA-2023-12013.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12014 vom 2023-01-11",
"url": "https://linux.oracle.com/errata/ELSA-2023-12014.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12011 vom 2023-01-11",
"url": "https://linux.oracle.com/errata/ELSA-2023-12011.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12012 vom 2023-01-11",
"url": "https://linux.oracle.com/errata/ELSA-2023-12012.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0076 vom 2023-01-11",
"url": "https://access.redhat.com/errata/RHSA-2023:0076"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1042 vom 2023-03-07",
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6955067 vom 2023-03-16",
"url": "https://www.ibm.com/support/pages/node/6955067"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1529 vom 2023-03-30",
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3664 vom 2023-06-19",
"url": "https://access.redhat.com/errata/RHSA-2023:3664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3914 vom 2023-07-06",
"url": "https://access.redhat.com/errata/RHSA-2023:3914"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06",
"url": "https://access.redhat.com/errata/RHSA-2023:3915"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4003 vom 2023-07-10",
"url": "https://access.redhat.com/errata/RHSA-2023:4003"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4226 vom 2025-04-28",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2025-055 vom 2025-04-29",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2025-055.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4437 vom 2025-05-05",
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-04T22:00:00.000+00:00",
"generator": {
"date": "2025-05-05T08:09:21.327+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0288",
"initial_release_date": "2022-06-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-06-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-06-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-22T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-E46E6E8317, FEDORA-2022-BA365D3703, FEDORA-2022-FE8D1879BC"
},
{
"date": "2022-06-27T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-28T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-30T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-07-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-07-14T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-08-02T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-08-08T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Fedora, Red Hat und Amazon aufgenommen"
},
{
"date": "2022-08-09T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2022-08-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2022-08-23T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-08-24T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-08-25T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-08-31T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-01T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-08T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-09-12T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-26T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-10-05T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-10-13T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-10-19T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-23T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-29T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-12-01T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-19T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2023-01-10T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-01-11T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-06T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-15T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-29T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-19T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-05T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-10T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-29T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "44"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.14",
"product": {
"name": "IBM Spectrum Protect \u003c10.1.14",
"product_id": "T026783"
}
},
{
"category": "product_version",
"name": "10.1.14",
"product": {
"name": "IBM Spectrum Protect 10.1.14",
"product_id": "T026783-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:10.1.14"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Service Interconnect 1",
"product": {
"name": "Red Hat Enterprise Linux Service Interconnect 1",
"product_id": "T028472",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:service_interconnect_1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.13",
"product_id": "T043288"
}
},
{
"category": "product_version",
"name": "7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.13",
"product_id": "T043288-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.13"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T008027",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
},
{
"category": "product_version_range",
"name": "Service Mesh \u003c2.0.10",
"product": {
"name": "Red Hat OpenShift Service Mesh \u003c2.0.10",
"product_id": "T023475"
}
},
{
"category": "product_version",
"name": "Service Mesh 2.0.10",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.0.10",
"product_id": "T023475-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh__2.0.10"
}
}
},
{
"category": "product_version_range",
"name": "OpenShift Service Mesh \u003c2.1.3",
"product": {
"name": "Red Hat OpenShift OpenShift Service Mesh \u003c2.1.3",
"product_id": "T023476"
}
},
{
"category": "product_version",
"name": "OpenShift Service Mesh 2.1.3",
"product": {
"name": "Red Hat OpenShift OpenShift Service Mesh 2.1.3",
"product_id": "T023476-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:openshift_service_mesh__2.1.3"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.11",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.11",
"product_id": "T028205",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.11"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.11.44",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.11.44",
"product_id": "T028416"
}
},
{
"category": "product_version",
"name": "Container Platform 4.11.44",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11.44",
"product_id": "T028416-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.11.44"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.3.1",
"product": {
"name": "Tenable Security Nessus \u003c10.3.1",
"product_id": "T025130"
}
},
{
"category": "product_version",
"name": "10.3.1",
"product": {
"name": "Tenable Security Nessus 10.3.1",
"product_id": "T025130-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:10.3.1"
}
}
}
],
"category": "product_name",
"name": "Nessus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.0",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c6.2.0",
"product_id": "T025651"
}
},
{
"category": "product_version",
"name": "6.2.0",
"product": {
"name": "Tenable Security Nessus Network Monitor 6.2.0",
"product_id": "T025651-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.2.0"
}
}
}
],
"category": "product_name",
"name": "Nessus Network Monitor"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23806",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"T023475",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24675",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"T023475",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-28327",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"T023475",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-28327"
},
{
"cve": "CVE-2022-29224",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"T023475",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-29224"
},
{
"cve": "CVE-2022-29225",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"T023475",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-29225"
},
{
"cve": "CVE-2022-29226",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"T023475",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-29226"
},
{
"cve": "CVE-2022-29228",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"T023475",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-29228"
},
{
"cve": "CVE-2022-31045",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"T023475",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-31045"
},
{
"cve": "CVE-2022-1650",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-1650"
},
{
"cve": "CVE-2022-24785",
"product_status": {
"known_affected": [
"T025130",
"T008027",
"T028472",
"67646",
"T012167",
"T004914",
"T000126",
"T028416",
"398363",
"T023476",
"T028205",
"T026783",
"T025651",
"T043288"
]
},
"release_date": "2022-06-13T22:00:00.000+00:00",
"title": "CVE-2022-24785"
}
]
}
GHSA-6H5X-7C5M-7CR7
Vulnerability from github – Published: 2022-05-13 00:01 – Updated: 2022-05-25 19:28
VLAI?
Summary
Exposure of Sensitive Information in eventsource
Details
When fetching an url with a link to an external site (Redirect), the users Cookies & Autorisation headers are leaked to the third party application. According to the same-origin-policy, the header should be "sanitized."
Severity ?
9.3 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "eventsource"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "eventsource"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-1650"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-212"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-25T19:27:47Z",
"nvd_published_at": "2022-05-12T11:15:00Z",
"severity": "CRITICAL"
},
"details": "When fetching an url with a link to an external site (Redirect), the users Cookies \u0026 Autorisation headers are leaked to the third party application. According to the same-origin-policy, the header should be \"sanitized.\"",
"id": "GHSA-6h5x-7c5m-7cr7",
"modified": "2022-05-25T19:28:43Z",
"published": "2022-05-13T00:01:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"type": "WEB",
"url": "https://github.com/EventSource/eventsource/pull/273#issuecomment-1127624508"
},
{
"type": "WEB",
"url": "https://github.com/EventSource/eventsource/commit/f9f6416567bff62c1af2f4314be51d9870e94bc2"
},
{
"type": "WEB",
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"type": "PACKAGE",
"url": "https://github.com/eventsource/eventsource"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of Sensitive Information in eventsource"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…