Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Red Hat Advanced Cluster Security 3 by Red Hat

    CVE-2022-4975 (GCVE-0-2022-4975)

    Vulnerability from nvd – Published: 2025-01-27 13:47 – Updated: 2025-01-28 20:32
    VLAI
    Title
    Rhacs: cross-site scripting in portal
    Summary
    A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2022-4975 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2071527 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
    Create a notification for this product.
    Date Public
    2025-01-20 14:01
    Credits
    Red Hat would like to thank Oscar Arnflo for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T20:32:45.607758Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T20:32:53.766Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Oscar Arnflo for reporting this issue."
            }
          ],
          "datePublic": "2025-01-20T14:01:17.796Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id=\"pdf-table\"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-27T13:47:55.595Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2022-4975"
            },
            {
              "name": "RHBZ#2071527",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071527"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-04-04T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-20T14:01:17.796Z",
              "value": "Made public."
            }
          ],
          "title": "Rhacs: cross-site scripting in portal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-4975",
        "datePublished": "2025-01-27T13:47:55.595Z",
        "dateReserved": "2025-01-20T13:46:54.279Z",
        "dateUpdated": "2025-01-28T20:32:53.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3727 (GCVE-0-2024-3727)

    Vulnerability from nvd – Published: 2024-05-09 14:57 – Updated: 2026-06-30 03:22
    VLAI
    Title
    Containers/image: digest type does not guarantee valid type
    Summary
    A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-354 - Improper Validation of Integrity Check Value
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:0045 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3718 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4159 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4613 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4850 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5258 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5951 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6054 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6122 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6708 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6818 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6824 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7174 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7182 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7922 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7941 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:8260 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:8425 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9098 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9102 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-3727 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2274767 issue-trackingx_refsource_REDHAT
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    Impacted products
    Vendor Product Version
    Affected: 0 , < 5.29.3 (semver)
    Affected: 5.30.0 , < 5.30.1 (semver)
    Red Hat OADP-1.3-RHEL-9 Unaffected: 1.3.4-9 , < * (rpm)
        cpe:/a:redhat:openshift_api_data_protection:1.3::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.4::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-4 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.4::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-3 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.4::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.5::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-1 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.5::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240808093819.afee755d , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.37.2-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.16.1-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:5.2.2-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Migration Toolkit for Containers 1.8 Unaffected: v1.8.4-22 , < * (rpm)
        cpe:/a:redhat:rhmt:1.8::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 3:4.4.1-13.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
        cpe:/a:redhat:openshift_ironic:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 2:1.11.3-3.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
        cpe:/a:redhat:openshift_ironic:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-19.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
        cpe:/a:redhat:openshift_ironic:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 2:1.11.3-3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
        cpe:/a:redhat:openshift_ironic:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202409162258-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 3:4.4.1-30.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift_ironic:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 2:1.11.3-4.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift_ironic:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202410230304.p0.g366295f.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 4:4.9.4-5.1.rhaos4.16.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el8
        cpe:/a:redhat:openshift:4.16::el9
        cpe:/a:redhat:openshift_ironic:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 2:1.14.4-1.rhaos4.16.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el8
        cpe:/a:redhat:openshift:4.16::el9
        cpe:/a:redhat:openshift_ironic:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 0:1.29.5-7.rhaos4.16.git7db4ada.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el8
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202407171536.p0.g1551101.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202409231504.p0.g342902b.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat RHEL-9-CNV-4.15 Unaffected: v4.15.5-7 , < * (rpm)
        cpe:/a:redhat:container_native_virtualization:4.15::el9
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Source-to-Image (S2I)     cpe:/a:redhat:source_to_image:1
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform Assisted Installer 1     cpe:/a:redhat:assisted_installer:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat Openshift Sandboxed Containers     cpe:/a:redhat:openshift_sandboxed_containers:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Date Public
    2024-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-13T17:59:41.318223Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:33:13.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:01.029Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0045",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0045"
              },
              {
                "name": "RHSA-2024:4159",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4159"
              },
              {
                "name": "RHSA-2024:4613",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4613"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-3727"
              },
              {
                "name": "RHBZ#2274767",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/containers/image",
              "defaultStatus": "unaffected",
              "packageName": "image",
              "versions": [
                {
                  "lessThan": "5.29.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.30.1",
                  "status": "affected",
                  "version": "5.30.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_api_data_protection:1.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "oadp/oadp-velero-plugin-rhel9",
              "product": "OADP-1.3-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.3.4-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-collector-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-operator-bundle",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-collector-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-operator-bundle",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "container-tools:rhel8",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240808093819.afee755d",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.37.2-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.16.1-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:5.2.2-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhmt:1.8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhmtc/openshift-migration-controller-rhel8",
              "product": "Red Hat Migration Toolkit for Containers 1.8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.8.4-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9",
                "cpe:/a:redhat:openshift_ironic:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-13.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9",
                "cpe:/a:redhat:openshift_ironic:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.3-3.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9",
                "cpe:/a:redhat:openshift_ironic:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-19.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9",
                "cpe:/a:redhat:openshift_ironic:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.3-3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/network-tools-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-api-server-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-alibaba-machine-controllers-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-apiserver-network-proxy-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-autoscaler-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-control-plane-machine-set-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-ingress-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-network-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-node-tuning-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-console",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-docker-builder",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-hypershift-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-insights-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-machine-api-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-multus-admission-controller-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-nutanix-machine-controllers-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-openshift-controller-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-registry-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-ovn-kubernetes-microshift-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-ovn-kubernetes-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-powervs-cloud-controller-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-powervs-machine-controllers-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-sdn-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-tests",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-tools-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202409162258-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift_ironic:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-30.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift_ironic:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.3-4.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202410230304.p0.g366295f.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-orchestrator-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el8",
                "cpe:/a:redhat:openshift:4.16::el9",
                "cpe:/a:redhat:openshift_ironic:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:4.9.4-5.1.rhaos4.16.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el8",
                "cpe:/a:redhat:openshift:4.16::el9",
                "cpe:/a:redhat:openshift_ironic:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.14.4-1.rhaos4.16.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el8",
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-machine-config-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-machine-config-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-olm-operator-controller-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-registry-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/oc-mirror-plugin-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-api-server-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-machine-config-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-openshift-apiserver-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
              "product": "RHEL-9-CNV-4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.5-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine/agent-service-rhel8",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine/assisted-installer-agent-rhel9",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine/assisted-installer-reporter-rhel8",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine/assisted-installer-rhel8",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine-hive-container",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ocp_tools"
              ],
              "defaultStatus": "affected",
              "packageName": "ocp-tools-4/jenkins-agent-base-rhel8",
              "product": "OpenShift Developer Tools and Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ocp_tools"
              ],
              "defaultStatus": "affected",
              "packageName": "ocp-tools-4/jenkins-rhel8",
              "product": "OpenShift Developer Tools and Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/client-kn-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-clients",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:source_to_image:1"
              ],
              "defaultStatus": "affected",
              "packageName": "source-to-image-container",
              "product": "OpenShift Source-to-Image (S2I)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:acm:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhacm2/submariner-rhel9-operator",
              "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-clients",
              "product": "Red Hat Ansible Automation Platform 1.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-clients",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "containers-common",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/buildah",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/conmon",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/containers-common",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "container-tools:4.0/podman",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/skopeo",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "containers-common",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:3.11"
              ],
              "defaultStatus": "unknown",
              "packageName": "atomic-openshift",
              "product": "Red Hat OpenShift Container Platform 3.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:3.11"
              ],
              "defaultStatus": "unknown",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 3.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "containers-common",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-csr-approver-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-baremetal-installer-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cli",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cli-artifacts",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-deployer",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-installer",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-installer-altinfra-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-installer-artifacts-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-olm-rukpak-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ose-installer-terraform-providers-container",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:assisted_installer:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhai-tech-preview/assisted-installer-agent-rhel8",
              "product": "Red Hat OpenShift Container Platform Assisted Installer 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:assisted_installer:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhai-tech-preview/assisted-installer-reporter-rhel8",
              "product": "Red Hat OpenShift Container Platform Assisted Installer 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:assisted_installer:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhai-tech-preview/assisted-installer-rhel8",
              "product": "Red Hat OpenShift Container Platform Assisted Installer 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/udi-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_sandboxed_containers:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-must-gather-rhel9",
              "product": "Red Hat Openshift Sandboxed Containers",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_sandboxed_containers:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-rhel8-operator",
              "product": "Red Hat Openshift Sandboxed Containers",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-apiserver",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-cloner",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-controller",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-importer",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-operator",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-uploadproxy",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-uploadserver",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "osp-director-provisioner-container",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quay:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "quay/quay-builder-rhel8",
              "product": "Red Hat Quay 3",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T03:22:51.804Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0045",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0045"
            },
            {
              "name": "RHSA-2024:3718",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3718"
            },
            {
              "name": "RHSA-2024:4159",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4159"
            },
            {
              "name": "RHSA-2024:4613",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4613"
            },
            {
              "name": "RHSA-2024:4850",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4850"
            },
            {
              "name": "RHSA-2024:4960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4960"
            },
            {
              "name": "RHSA-2024:5258",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5258"
            },
            {
              "name": "RHSA-2024:5951",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5951"
            },
            {
              "name": "RHSA-2024:6054",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6054"
            },
            {
              "name": "RHSA-2024:6122",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6122"
            },
            {
              "name": "RHSA-2024:6708",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6708"
            },
            {
              "name": "RHSA-2024:6818",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6818"
            },
            {
              "name": "RHSA-2024:6824",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6824"
            },
            {
              "name": "RHSA-2024:7164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7164"
            },
            {
              "name": "RHSA-2024:7174",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7174"
            },
            {
              "name": "RHSA-2024:7182",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7182"
            },
            {
              "name": "RHSA-2024:7187",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7187"
            },
            {
              "name": "RHSA-2024:7922",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7922"
            },
            {
              "name": "RHSA-2024:7941",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7941"
            },
            {
              "name": "RHSA-2024:8260",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8260"
            },
            {
              "name": "RHSA-2024:8425",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8425"
            },
            {
              "name": "RHSA-2024:9097",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9097"
            },
            {
              "name": "RHSA-2024:9098",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9098"
            },
            {
              "name": "RHSA-2024:9102",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9102"
            },
            {
              "name": "RHSA-2024:9960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9960"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-3727"
            },
            {
              "name": "RHBZ#2274767",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-09T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Containers/image: digest type does not guarantee valid type",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-354: Improper Validation of Integrity Check Value"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-3727",
        "datePublished": "2024-05-09T14:57:21.327Z",
        "dateReserved": "2024-04-12T17:56:37.261Z",
        "dateUpdated": "2026-06-30T03:22:51.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0406 (GCVE-0-2024-0406)

    Vulnerability from nvd – Published: 2024-04-06 16:11 – Updated: 2025-11-20 18:08
    VLAI
    Title
    Mholt/archiver: path traversal vulnerability
    Summary
    A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:2449 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-0406 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2257749 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: v3.0.0 , < * (custom)
    Unaffected: v4.0.0 , < * (custom)
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Date Public
    2024-01-31 00:00
    Credits
    This issue was discovered by Stefan Cornelius (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-09T19:56:01.225454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:38.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:04:49.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0406"
              },
              {
                "name": "RHBZ#2257749",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257749"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/mholt/archiver",
              "defaultStatus": "unaffected",
              "packageName": "archiver",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "v3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/oc-mirror-plugin-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Stefan Cornelius (Red Hat)."
            }
          ],
          "datePublic": "2024-01-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user\u0027s or application\u0027s privileges using the library."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:08:52.704Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:2449",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2449"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0406"
            },
            {
              "name": "RHBZ#2257749",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257749"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-31T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Mholt/archiver: path traversal vulnerability",
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0406",
        "datePublished": "2024-04-06T16:11:02.643Z",
        "dateReserved": "2024-01-10T18:18:28.288Z",
        "dateUpdated": "2025-11-20T18:08:52.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4958 (GCVE-0-2023-4958)

    Vulnerability from nvd – Published: 2023-12-12 10:02 – Updated: 2024-08-02 07:44
    VLAI
    Title
    Stackrox: missing http security headers allows for clickjacking in web ui
    Summary
    In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:5206 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-4958 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1990363 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Advanced Cluster Security 4.2 Unaffected: 4.2.0-6 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.2::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
    Create a notification for this product.
    Date Public
    2022-06-02 22:40
    Credits
    This issue was discovered by Jeremy Choi (Red Hat Product Security).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.761Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:5206",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5206"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-4958"
              },
              {
                "name": "RHBZ#1990363",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.2.0-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Jeremy Choi (Red Hat Product Security)."
            }
          ],
          "datePublic": "2022-06-02T22:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T15:32:38.712Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:5206",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5206"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-4958"
            },
            {
              "name": "RHBZ#1990363",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2021-08-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-06-02T22:40:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Stackrox: missing http security headers allows for clickjacking in web ui",
          "x_redhatCweChain": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-4958",
        "datePublished": "2023-12-12T10:02:33.672Z",
        "dateReserved": "2023-09-14T08:06:30.272Z",
        "dateUpdated": "2024-08-02T07:44:53.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4975 (GCVE-0-2022-4975)

    Vulnerability from cvelistv5 – Published: 2025-01-27 13:47 – Updated: 2025-01-28 20:32
    VLAI
    Title
    Rhacs: cross-site scripting in portal
    Summary
    A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2022-4975 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2071527 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
    Create a notification for this product.
    Date Public
    2025-01-20 14:01
    Credits
    Red Hat would like to thank Oscar Arnflo for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T20:32:45.607758Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T20:32:53.766Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Oscar Arnflo for reporting this issue."
            }
          ],
          "datePublic": "2025-01-20T14:01:17.796Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id=\"pdf-table\"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-27T13:47:55.595Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2022-4975"
            },
            {
              "name": "RHBZ#2071527",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071527"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-04-04T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-20T14:01:17.796Z",
              "value": "Made public."
            }
          ],
          "title": "Rhacs: cross-site scripting in portal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-4975",
        "datePublished": "2025-01-27T13:47:55.595Z",
        "dateReserved": "2025-01-20T13:46:54.279Z",
        "dateUpdated": "2025-01-28T20:32:53.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3727 (GCVE-0-2024-3727)

    Vulnerability from cvelistv5 – Published: 2024-05-09 14:57 – Updated: 2026-06-30 03:22
    VLAI
    Title
    Containers/image: digest type does not guarantee valid type
    Summary
    A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-354 - Improper Validation of Integrity Check Value
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:0045 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3718 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4159 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4613 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4850 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5258 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5951 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6054 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6122 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6708 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6818 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6824 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7174 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7182 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7922 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7941 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:8260 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:8425 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9098 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9102 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-3727 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2274767 issue-trackingx_refsource_REDHAT
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    Impacted products
    Vendor Product Version
    Affected: 0 , < 5.29.3 (semver)
    Affected: 5.30.0 , < 5.30.1 (semver)
    Red Hat OADP-1.3-RHEL-9 Unaffected: 1.3.4-9 , < * (rpm)
        cpe:/a:redhat:openshift_api_data_protection:1.3::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.4::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-4 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.4::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-3 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.4::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.5::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-1 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.5::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240808093819.afee755d , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.37.2-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.16.1-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:5.2.2-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Migration Toolkit for Containers 1.8 Unaffected: v1.8.4-22 , < * (rpm)
        cpe:/a:redhat:rhmt:1.8::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 3:4.4.1-13.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
        cpe:/a:redhat:openshift_ironic:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 2:1.11.3-3.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
        cpe:/a:redhat:openshift_ironic:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-19.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
        cpe:/a:redhat:openshift_ironic:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 2:1.11.3-3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
        cpe:/a:redhat:openshift_ironic:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202409162258-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 3:4.4.1-30.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift_ironic:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 2:1.11.3-4.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift_ironic:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202410230304.p0.g366295f.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 4:4.9.4-5.1.rhaos4.16.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el8
        cpe:/a:redhat:openshift:4.16::el9
        cpe:/a:redhat:openshift_ironic:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 2:1.14.4-1.rhaos4.16.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el8
        cpe:/a:redhat:openshift:4.16::el9
        cpe:/a:redhat:openshift_ironic:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 0:1.29.5-7.rhaos4.16.git7db4ada.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el8
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202407171536.p0.g1551101.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202409231504.p0.g342902b.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat RHEL-9-CNV-4.15 Unaffected: v4.15.5-7 , < * (rpm)
        cpe:/a:redhat:container_native_virtualization:4.15::el9
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Source-to-Image (S2I)     cpe:/a:redhat:source_to_image:1
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform Assisted Installer 1     cpe:/a:redhat:assisted_installer:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat Openshift Sandboxed Containers     cpe:/a:redhat:openshift_sandboxed_containers:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Date Public
    2024-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-13T17:59:41.318223Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:33:13.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:01.029Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0045",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0045"
              },
              {
                "name": "RHSA-2024:4159",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4159"
              },
              {
                "name": "RHSA-2024:4613",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4613"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-3727"
              },
              {
                "name": "RHBZ#2274767",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/containers/image",
              "defaultStatus": "unaffected",
              "packageName": "image",
              "versions": [
                {
                  "lessThan": "5.29.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.30.1",
                  "status": "affected",
                  "version": "5.30.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_api_data_protection:1.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "oadp/oadp-velero-plugin-rhel9",
              "product": "OADP-1.3-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.3.4-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-collector-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-operator-bundle",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.5-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-collector-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-operator-bundle",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.2-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "container-tools:rhel8",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240808093819.afee755d",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.37.2-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.16.1-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:5.2.2-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhmt:1.8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhmtc/openshift-migration-controller-rhel8",
              "product": "Red Hat Migration Toolkit for Containers 1.8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.8.4-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9",
                "cpe:/a:redhat:openshift_ironic:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-13.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9",
                "cpe:/a:redhat:openshift_ironic:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.3-3.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9",
                "cpe:/a:redhat:openshift_ironic:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-19.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9",
                "cpe:/a:redhat:openshift_ironic:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.3-3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/network-tools-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-api-server-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-alibaba-machine-controllers-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-apiserver-network-proxy-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-autoscaler-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-control-plane-machine-set-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-ingress-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-network-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cluster-node-tuning-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-console",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-docker-builder",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-hypershift-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-insights-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-machine-api-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-multus-admission-controller-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-nutanix-machine-controllers-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-openshift-controller-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-registry-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-ovn-kubernetes-microshift-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-ovn-kubernetes-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-powervs-cloud-controller-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-powervs-machine-controllers-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-sdn-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-tests",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-tools-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202409162258-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift_ironic:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-30.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift_ironic:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.3-4.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202410230304.p0.g366295f.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-orchestrator-rhel8",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el8",
                "cpe:/a:redhat:openshift:4.16::el9",
                "cpe:/a:redhat:openshift_ironic:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:4.9.4-5.1.rhaos4.16.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el8",
                "cpe:/a:redhat:openshift:4.16::el9",
                "cpe:/a:redhat:openshift_ironic:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.14.4-1.rhaos4.16.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el8",
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-machine-config-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-machine-config-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-olm-operator-controller-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-registry-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/oc-mirror-plugin-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-api-server-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-machine-config-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-openshift-apiserver-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
              "product": "RHEL-9-CNV-4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.5-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine/agent-service-rhel8",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine/assisted-installer-agent-rhel9",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine/assisted-installer-reporter-rhel8",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine/assisted-installer-rhel8",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "unaffected",
              "packageName": "multicluster-engine-hive-container",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ocp_tools"
              ],
              "defaultStatus": "affected",
              "packageName": "ocp-tools-4/jenkins-agent-base-rhel8",
              "product": "OpenShift Developer Tools and Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ocp_tools"
              ],
              "defaultStatus": "affected",
              "packageName": "ocp-tools-4/jenkins-rhel8",
              "product": "OpenShift Developer Tools and Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/client-kn-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-clients",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:source_to_image:1"
              ],
              "defaultStatus": "affected",
              "packageName": "source-to-image-container",
              "product": "OpenShift Source-to-Image (S2I)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:acm:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhacm2/submariner-rhel9-operator",
              "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-clients",
              "product": "Red Hat Ansible Automation Platform 1.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-clients",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "containers-common",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/buildah",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/conmon",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/containers-common",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "container-tools:4.0/podman",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/skopeo",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "containers-common",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:3.11"
              ],
              "defaultStatus": "unknown",
              "packageName": "atomic-openshift",
              "product": "Red Hat OpenShift Container Platform 3.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:3.11"
              ],
              "defaultStatus": "unknown",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 3.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "containers-common",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-csr-approver-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-baremetal-installer-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cli",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-cli-artifacts",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-deployer",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-installer",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-installer-altinfra-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-installer-artifacts-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-olm-rukpak-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ose-installer-terraform-providers-container",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:assisted_installer:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhai-tech-preview/assisted-installer-agent-rhel8",
              "product": "Red Hat OpenShift Container Platform Assisted Installer 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:assisted_installer:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhai-tech-preview/assisted-installer-reporter-rhel8",
              "product": "Red Hat OpenShift Container Platform Assisted Installer 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:assisted_installer:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhai-tech-preview/assisted-installer-rhel8",
              "product": "Red Hat OpenShift Container Platform Assisted Installer 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/udi-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_sandboxed_containers:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-must-gather-rhel9",
              "product": "Red Hat Openshift Sandboxed Containers",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_sandboxed_containers:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-rhel8-operator",
              "product": "Red Hat Openshift Sandboxed Containers",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-apiserver",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-cloner",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-controller",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-importer",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-operator",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-uploadproxy",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-uploadserver",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "affected",
              "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "osp-director-provisioner-container",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quay:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "quay/quay-builder-rhel8",
              "product": "Red Hat Quay 3",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T03:22:51.804Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0045",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0045"
            },
            {
              "name": "RHSA-2024:3718",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3718"
            },
            {
              "name": "RHSA-2024:4159",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4159"
            },
            {
              "name": "RHSA-2024:4613",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4613"
            },
            {
              "name": "RHSA-2024:4850",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4850"
            },
            {
              "name": "RHSA-2024:4960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4960"
            },
            {
              "name": "RHSA-2024:5258",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5258"
            },
            {
              "name": "RHSA-2024:5951",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5951"
            },
            {
              "name": "RHSA-2024:6054",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6054"
            },
            {
              "name": "RHSA-2024:6122",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6122"
            },
            {
              "name": "RHSA-2024:6708",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6708"
            },
            {
              "name": "RHSA-2024:6818",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6818"
            },
            {
              "name": "RHSA-2024:6824",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6824"
            },
            {
              "name": "RHSA-2024:7164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7164"
            },
            {
              "name": "RHSA-2024:7174",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7174"
            },
            {
              "name": "RHSA-2024:7182",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7182"
            },
            {
              "name": "RHSA-2024:7187",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7187"
            },
            {
              "name": "RHSA-2024:7922",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7922"
            },
            {
              "name": "RHSA-2024:7941",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7941"
            },
            {
              "name": "RHSA-2024:8260",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8260"
            },
            {
              "name": "RHSA-2024:8425",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8425"
            },
            {
              "name": "RHSA-2024:9097",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9097"
            },
            {
              "name": "RHSA-2024:9098",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9098"
            },
            {
              "name": "RHSA-2024:9102",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9102"
            },
            {
              "name": "RHSA-2024:9960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9960"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-3727"
            },
            {
              "name": "RHBZ#2274767",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-09T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Containers/image: digest type does not guarantee valid type",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-354: Improper Validation of Integrity Check Value"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-3727",
        "datePublished": "2024-05-09T14:57:21.327Z",
        "dateReserved": "2024-04-12T17:56:37.261Z",
        "dateUpdated": "2026-06-30T03:22:51.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0406 (GCVE-0-2024-0406)

    Vulnerability from cvelistv5 – Published: 2024-04-06 16:11 – Updated: 2025-11-20 18:08
    VLAI
    Title
    Mholt/archiver: path traversal vulnerability
    Summary
    A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:2449 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-0406 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2257749 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: v3.0.0 , < * (custom)
    Unaffected: v4.0.0 , < * (custom)
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Date Public
    2024-01-31 00:00
    Credits
    This issue was discovered by Stefan Cornelius (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-09T19:56:01.225454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:38.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:04:49.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0406"
              },
              {
                "name": "RHBZ#2257749",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257749"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/mholt/archiver",
              "defaultStatus": "unaffected",
              "packageName": "archiver",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "v3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/oc-mirror-plugin-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Stefan Cornelius (Red Hat)."
            }
          ],
          "datePublic": "2024-01-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user\u0027s or application\u0027s privileges using the library."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:08:52.704Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:2449",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2449"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0406"
            },
            {
              "name": "RHBZ#2257749",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257749"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-31T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Mholt/archiver: path traversal vulnerability",
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0406",
        "datePublished": "2024-04-06T16:11:02.643Z",
        "dateReserved": "2024-01-10T18:18:28.288Z",
        "dateUpdated": "2025-11-20T18:08:52.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4958 (GCVE-0-2023-4958)

    Vulnerability from cvelistv5 – Published: 2023-12-12 10:02 – Updated: 2024-08-02 07:44
    VLAI
    Title
    Stackrox: missing http security headers allows for clickjacking in web ui
    Summary
    In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:5206 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-4958 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1990363 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Advanced Cluster Security 4.2 Unaffected: 4.2.0-6 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.2::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
    Create a notification for this product.
    Date Public
    2022-06-02 22:40
    Credits
    This issue was discovered by Jeremy Choi (Red Hat Product Security).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.761Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:5206",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5206"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-4958"
              },
              {
                "name": "RHBZ#1990363",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.2.0-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:3"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 3",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Jeremy Choi (Red Hat Product Security)."
            }
          ],
          "datePublic": "2022-06-02T22:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T15:32:38.712Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:5206",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5206"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-4958"
            },
            {
              "name": "RHBZ#1990363",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2021-08-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-06-02T22:40:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Stackrox: missing http security headers allows for clickjacking in web ui",
          "x_redhatCweChain": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-4958",
        "datePublished": "2023-12-12T10:02:33.672Z",
        "dateReserved": "2023-09-14T08:06:30.272Z",
        "dateUpdated": "2024-08-02T07:44:53.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }