cve-2021-3757
Vulnerability from cvelistv5
Published
2021-09-02 12:06
Modified
2024-08-03 17:09
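Severity: 7.5 (HIGH) — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (CNA assessment by @huntrdev). The NVD metadata embedded in this record rates the same issue 9.8 (CRITICAL) under CVSS 3.1, so check which score your triage process consumes.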
EPSS score ?
Summary
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
immerjs | immerjs/immer |
Version: unspecified ≤ 9.0.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:09.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "immerjs/immer", "vendor": "immerjs", "versions": [ { "lessThanOrEqual": "9.0.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1321", "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-02T12:06:26", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ], "source": { "advisory": "23d38099-71cd-42ed-a77a-71e68094adfa", "discovery": "EXTERNAL" }, "title": "Prototype Pollution in 
immerjs/immer", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3757", "STATE": "PUBLIC", "TITLE": "Prototype Pollution in immerjs/immer" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "immerjs/immer", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "9.0.5" } ] } } ] }, "vendor_name": "immerjs" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237", "refsource": "MISC", "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" }, { "name": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ] }, "source": { "advisory": "23d38099-71cd-42ed-a77a-71e68094adfa", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3757", "datePublished": "2021-09-02T12:06:26", "dateReserved": 
"2021-08-31T00:00:00", "dateUpdated": "2024-08-03T17:09:09.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-3757\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2021-09-02T12:15:07.617\",\"lastModified\":\"2024-11-21T06:22:21.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"},{\"lang\":\"es\",\"value\":\"immer es vulnerable a una Modificaci\u00f3n Controlada Inapropiada de Atributos de Prototipos de Objetos (\\\"Contaminaci\u00f3n de Prototipos\\\")\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"a
uthentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:immer_project:immer:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"9.0.5\",\"matchCriteriaId\":\"FA569641-1319-4F9F-B724-2D8F6C01676F\"}]}]}],\"references\":[{\"url\":\"https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}" } }
fkie_cve-2021-3757
Vulnerability from fkie_nvd
Published
2021-09-02 12:15
Modified
2024-11-21 06:22
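Severity: 9.8 (CRITICAL) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary); 7.5 (HIGH) — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (security@huntr.dev, Secondary). The two vectors differ in the confidentiality and integrity impact metrics (HIGH vs NONE).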
Summary
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
immer_project | immer | * (up to and including 9.0.5) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:immer_project:immer:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "FA569641-1319-4F9F-B724-2D8F6C01676F", "versionEndIncluding": "9.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, { "lang": "es", "value": "immer es vulnerable a una Modificaci\u00f3n Controlada Inapropiada de Atributos de Prototipos de Objetos (\"Contaminaci\u00f3n de Prototipos\")" } ], "id": "CVE-2021-3757", "lastModified": "2024-11-21T06:22:21.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-02T12:15:07.617", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1321" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-1321" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
rhsa-2021:4848
Vulnerability from csaf_redhat
Published
2021-11-29 14:32
Modified
2025-02-06 23:56
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.5.2 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4848", "url": "https://access.redhat.com/errata/RHSA-2021:4848" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2000734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734" }, { "category": "external", "summary": "2005438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438" }, { "category": "external", "summary": "2006842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842" }, { "category": "external", "summary": "2007429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429" }, { "category": "external", "summary": "2022017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory", "tracking": { "current_release_date": "2025-02-06T23:56:27+00:00", "generator": { "date": "2025-02-06T23:56:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.3.0" } }, "id": "RHSA-2021:4848", "initial_release_date": "2021-11-29T14:32:07+00:00", "revision_history": [ { "date": "2021-11-29T14:32:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-29T14:32:07+00:00", "number": "2", "summary": "Last 
updated version" }, { "date": "2025-02-06T23:56:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.5", "product": { "name": "8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.5::el8" } } }, { "category": "product_name", "name": "7Server-RHMTC-1.5", "product": { "name": "7Server-RHMTC-1.5", "product_id": "7Server-RHMTC-1.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.5::el7" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product": { "name": 
"rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3" } 
} }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5", "product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64" }, "product_reference": 
"rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "relates_to_product_reference": "7Server-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64" }, "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { 
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5", "product_id": 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64" }, 
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" } ] }, 
"vulnerabilities": [ { "cve": "CVE-2021-3757", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2021-09-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2000734" } ], "notes": [ { "category": "description", "text": "A flaw was found in immer in the way it manipulates object attributes such as __proto__, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects, which could trigger exception handlers and lead to a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. 
This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" ], "known_not_affected": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3757" }, { "category": "external", "summary": "RHBZ#2000734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757" }, { "category": "external", "summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa", "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ], "release_date": "2021-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T14:32:07+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution" }, { "acknowledgments": [ { "names": [ "Andrew Collins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-3948", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2022017" } ], "notes": [ { "category": "description", "text": "An incorrect default permissions vulnerability was found in the mig-controller. 
Due to incorrect handling of cluster namespaces, an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.", "title": "Vulnerability description" }, { "category": "summary", "text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" ], "known_not_affected": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3948" }, { "category": "external", "summary": "RHBZ#2022017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3948" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948" } ], "release_date": "2021-11-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T14:32:07+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)" } ] }
rhsa-2021_4848
Vulnerability from csaf_redhat
Published
2021-11-29 14:32
Modified
2024-11-22 17:29
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.5.2 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4848", "url": "https://access.redhat.com/errata/RHSA-2021:4848" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2000734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734" }, { "category": "external", "summary": "2005438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438" }, { "category": "external", "summary": "2006842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842" }, { "category": "external", "summary": "2007429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429" }, { "category": "external", "summary": "2022017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory", "tracking": { "current_release_date": "2024-11-22T17:29:39+00:00", "generator": { "date": "2024-11-22T17:29:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:4848", "initial_release_date": "2021-11-29T14:32:07+00:00", "revision_history": [ { "date": "2021-11-29T14:32:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-29T14:32:07+00:00", "number": "2", "summary": "Last 
updated version" }, { "date": "2024-11-22T17:29:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.5", "product": { "name": "8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.5::el8" } } }, { "category": "product_name", "name": "7Server-RHMTC-1.5", "product": { "name": "7Server-RHMTC-1.5", "product_id": "7Server-RHMTC-1.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.5::el7" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product": { "name": 
"rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3" } 
} }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5", "product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64" }, "product_reference": 
"rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "relates_to_product_reference": "7Server-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64" }, "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { 
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5", "product_id": 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64" }, 
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" } ] }, 
"vulnerabilities": [ { "cve": "CVE-2021-3757", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2021-09-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2000734" } ], "notes": [ { "category": "description", "text": "A flaw was found in immer when it manipulates object attributes such as __proto__, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects, which could trigger exception handlers and lead to a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. 
This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" ], "known_not_affected": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3757" }, { "category": "external", "summary": "RHBZ#2000734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757" }, { "category": "external", "summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa", "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ], "release_date": "2021-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T14:32:07+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution" }, { "acknowledgments": [ { "names": [ "Andrew Collins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-3948", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2022017" } ], "notes": [ { "category": "description", "text": "An incorrect default permissions vulnerability was found in the mig-controller. 
Due to incorrect handling of cluster namespaces, an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.", "title": "Vulnerability description" }, { "category": "summary", "text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" ], "known_not_affected": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3948" }, { "category": "external", "summary": "RHBZ#2022017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3948" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948" } ], "release_date": "2021-11-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T14:32:07+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)" } ] }
RHSA-2021:4848
Vulnerability from csaf_redhat
Published
2021-11-29 14:32
Modified
2025-02-06 23:56
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.5.2 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4848", "url": "https://access.redhat.com/errata/RHSA-2021:4848" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2000734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734" }, { "category": "external", "summary": "2005438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438" }, { "category": "external", "summary": "2006842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842" }, { "category": "external", "summary": "2007429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429" }, { "category": "external", "summary": "2022017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory", "tracking": { "current_release_date": "2025-02-06T23:56:27+00:00", "generator": { "date": "2025-02-06T23:56:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.3.0" } }, "id": "RHSA-2021:4848", "initial_release_date": "2021-11-29T14:32:07+00:00", "revision_history": [ { "date": "2021-11-29T14:32:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-29T14:32:07+00:00", "number": "2", "summary": "Last 
updated version" }, { "date": "2025-02-06T23:56:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.5", "product": { "name": "8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.5::el8" } } }, { "category": "product_name", "name": "7Server-RHMTC-1.5", "product": { "name": "7Server-RHMTC-1.5", "product_id": "7Server-RHMTC-1.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.5::el7" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product": { "name": 
"rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3" } 
} }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5", "product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64" }, "product_reference": 
"rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "relates_to_product_reference": "7Server-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64" }, "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { 
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5", "product_id": 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64" }, 
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5", "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64", "relates_to_product_reference": "8Base-RHMTC-1.5" } ] }, 
"vulnerabilities": [ { "cve": "CVE-2021-3757", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2021-09-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2000734" } ], "notes": [ { "category": "description", "text": "A flaw was found in immer in the way it manipulates object attributes such as __proto__, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects, which could trigger exception handlers and lead to a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. 
This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" ], "known_not_affected": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3757" }, { "category": "external", "summary": "RHBZ#2000734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757" }, { "category": "external", "summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa", "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ], "release_date": "2021-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T14:32:07+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution" }, { "acknowledgments": [ { "names": [ "Andrew Collins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-3948", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2022017" } ], "notes": [ { "category": "description", "text": "An incorrect default permissions vulnerability was found in the mig-controller. 
Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.", "title": "Vulnerability description" }, { "category": "summary", "text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" ], "known_not_affected": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3948" }, { "category": "external", "summary": "RHBZ#2022017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3948" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948" } ], "release_date": "2021-11-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T14:32:07+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64", 
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64", "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)" } ] }
ghsa-c36v-fmgq-m8hx
Vulnerability from github
Published
2021-09-07 22:57
Modified
2024-04-25 22:09
Severity ?
Summary
Prototype Pollution in immer
Details
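immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Per the advisory record below, npm releases of immer from 7.0.0 up to, but not including, 9.0.6 are affected; 9.0.6 is the fixed version.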
{ "affected": [ { "package": { "ecosystem": "npm", "name": "immer" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "9.0.6" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-3757" ], "database_specific": { "cwe_ids": [ "CWE-1321", "CWE-915" ], "github_reviewed": true, "github_reviewed_at": "2021-09-03T20:17:21Z", "nvd_published_at": "2021-09-02T12:15:00Z", "severity": "HIGH" }, "details": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027).", "id": "GHSA-c36v-fmgq-m8hx", "modified": "2024-04-25T22:09:12Z", "published": "2021-09-07T22:57:14Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757" }, { "type": "WEB", "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" }, { "type": "PACKAGE", "url": "https://github.com/immerjs/immer" }, { "type": "WEB", "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Prototype Pollution in immer" }
gsd-2021-3757
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
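immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). The sources aggregated in the record below score the issue differently: the cve.org entry carries a CVSS 3.0 base score of 7.5 (availability impact only), while the nvd.nist.gov entry carries a CVSS 3.1 base score of 9.8 (high confidentiality, integrity and availability impact), so check which source a severity threshold is based on before triaging.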
Aliases
{ "GSD": { "alias": "CVE-2021-3757", "description": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)", "id": "GSD-2021-3757", "references": [ "https://access.redhat.com/errata/RHSA-2021:4848" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-3757" ], "details": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)", "id": "GSD-2021-3757", "modified": "2023-12-13T01:23:34.063107Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3757", "STATE": "PUBLIC", "TITLE": "Prototype Pollution in immerjs/immer" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "immerjs/immer", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "9.0.5" } ] } } ] }, "vendor_name": "immerjs" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": 
"https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237", "refsource": "MISC", "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" }, { "name": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" } ] }, "source": { "advisory": "23d38099-71cd-42ed-a77a-71e68094adfa", "discovery": "EXTERNAL" } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c=9.0.5", "affected_versions": "All versions up to 9.0.5", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-1321", "CWE-937" ], "date": "2022-09-10", "description": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)", "fixed_versions": [ "9.0.6" ], "identifier": "CVE-2021-3757", "identifiers": [ "CVE-2021-3757" ], "not_impacted": "All versions after 9.0.5", "package_slug": "npm/immer", "pubdate": "2021-09-02", "solution": "Upgrade to version 9.0.6 or above.", "title": "Improperly Controlled Modification of Dynamically-Determined Object Attributes", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-3757", "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" ], "uuid": "679edfc6-3615-48f3-a456-e3a52c4d482f" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:immer_project:immer:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndIncluding": "9.0.5", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3757" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype 
Attributes (\u0027Prototype Pollution\u0027)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-1321" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa", "refsource": "CONFIRM", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa" }, { "name": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2022-09-10T02:46Z", "publishedDate": "2021-09-02T12:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.