Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for Red Hat OpenStack Platform 17.1 for RHEL 9 by Red Hat

    CVE-2023-6110 (GCVE-0-2023-6110)

    Vulnerability from nvd – Published: 2024-11-17 10:22 – Updated: 2024-12-05 20:30
    VLAI
    Title
    Openstack: deleting a non existing access rule deletes another existing access rule in it's scope
    Summary
    A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-237 - Improper Handling of Structural Elements
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:5.5.2-17.1.20230829213816.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:5.5.2-17.1.20230829210830.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.0     cpe:/a:redhat:openstack:17.0
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Date Public
    2024-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-17T16:17:28.263809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:38:40.898Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-openstackclient",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.5.2-17.1.20230829213816.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-openstackclient",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.5.2-17.1.20230829210830.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it\u0027s scope, it deletes other existing access rules which are not associated with any application credentials."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-237",
                  "description": "Improper Handling of Structural Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-05T20:30:27.043Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2737"
            },
            {
              "name": "RHSA-2024:2769",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2769"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6110"
            },
            {
              "name": "RHBZ#2212960",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960"
            },
            {
              "url": "https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf"
            },
            {
              "url": "https://review.opendev.org/c/openstack/python-openstackclient/+/888697"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openstack: deleting a non existing access rule deletes another existing access rule in it\u0027s scope",
          "x_redhatCweChain": "CWE-237: Improper Handling of Structural Elements"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6110",
        "datePublished": "2024-11-17T10:22:34.776Z",
        "dateReserved": "2023-11-13T19:27:25.305Z",
        "dateUpdated": "2024-12-05T20:30:27.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9902 (GCVE-0-2024-9902)

    Vulnerability from nvd – Published: 2024-11-06 09:56 – Updated: 2025-11-06 23:17
    VLAI
    Title
    Ansible-core: ansible-core user may read/write unauthorized content
    Summary
    A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.14.18rc1 (custom)
    Affected: 2.15.0b1 , < 2.15.13rc1 (custom)
    Affected: 2.16.0b1 , < 2.16.13rc1 (custom)
    Affected: 2.17.0b1 , < 2.17.6rc1 (custom)
    Affected: 2.18.0b1 , < 2.18.0rc2 (custom)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-96 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-95 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-32 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.14.13-21 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.17.6-2 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:2.14.2-4.6.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Date Public
    2024-11-06 06:11
    Credits
    Red Hat would like to thank Matt Clay for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T14:20:56.915379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:21:06.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:33:34.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThan": "2.14.18rc1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.15.13rc1",
                  "status": "affected",
                  "version": "2.15.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.16.13rc1",
                  "status": "affected",
                  "version": "2.16.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.17.6rc1",
                  "status": "affected",
                  "version": "2.17.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.18.0rc2",
                  "status": "affected",
                  "version": "2.18.0b1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-96",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-95",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-32",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.14.13-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.17.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-ansible-core",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.2-4.6.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Matt Clay for reporting this issue."
            }
          ],
          "datePublic": "2024-11-06T06:11:25.611Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T23:17:23.106Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10762"
            },
            {
              "name": "RHSA-2024:8969",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8969"
            },
            {
              "name": "RHSA-2024:9894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9894"
            },
            {
              "name": "RHSA-2025:1861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1861"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-9902"
            },
            {
              "name": "RHBZ#2318271",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-12T02:41:32.581Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-11-06T06:11:25.611Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: ansible-core user may read/write unauthorized content",
          "workarounds": [
            {
              "lang": "en",
              "value": "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent"
            }
          ],
          "x_redhatCweChain": "CWE-863: Incorrect Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-9902",
        "datePublished": "2024-11-06T09:56:54.505Z",
        "dateReserved": "2024-10-12T02:46:57.580Z",
        "dateUpdated": "2025-11-06T23:17:23.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8007 (GCVE-0-2024-8007)

    Vulnerability from nvd – Published: 2024-08-21 13:40 – Updated: 2026-02-25 20:32
    VLAI
    Title
    Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors
    Summary
    A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:9990 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9991 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-8007 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2305975 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Unaffected: 47e64de0d4025ce95ebbe522aa77223cc319c7b2 , < * (git)
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:15.4.1-17.1.20240911093743.e5b18f2.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:16.5.1-17.1.20240913093745.f3599d0.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:15.4.1-17.1.20240911100820.e5b18f2.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:16.5.1-17.1.20240913100806.f3599d0.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Date Public
    2024-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8007",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T15:06:21.421622Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T15:06:57.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://code.engineering.redhat.com/gerrit/openstack-tripleo-common",
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-common",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "47e64de0d4025ce95ebbe522aa77223cc319c7b2",
                  "versionType": "git"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-common",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:15.4.1-17.1.20240911093743.e5b18f2.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-tripleoclient",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:16.5.1-17.1.20240913093745.f3599d0.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-common",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:15.4.1-17.1.20240911100820.e5b18f2.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-tripleoclient",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:16.5.1-17.1.20240913100806.f3599d0.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-tripleo-common",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-common",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T20:32:06.710Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:9990",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9990"
            },
            {
              "name": "RHSA-2024:9991",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9991"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-8007"
            },
            {
              "name": "RHBZ#2305975",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305975"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-20T10:54:54.042Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-08-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-295: Improper Certificate Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-8007",
        "datePublished": "2024-08-21T13:40:25.242Z",
        "dateReserved": "2024-08-20T11:09:27.802Z",
        "dateUpdated": "2026-02-25T20:32:06.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4840 (GCVE-0-2024-4840)

    Vulnerability from nvd – Published: 2024-05-13 22:16 – Updated: 2025-11-20 19:15
    VLAI
    Title
    Rhosp-director: cleartext passwords exposed in logs
    Summary
    An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:9978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-4840 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2280249 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Unaffected: 14.3.1-17.1.20240528170747.e7c7ce3.el9ost (rpm)
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:14.3.1-17.1.20240919130756.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Date Public
    2024-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T19:32:24.426737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T15:59:59.529Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:55:09.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-4840"
              },
              {
                "name": "RHBZ#2280249",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openstack-archive/tripleo-heat-templates",
              "packageName": "openstack-tripleo-heat-templates",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.3.1-17.1.20240528170747.e7c7ce3.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-heat-templates",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:14.3.1-17.1.20240919130756.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-director",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:15:50.057Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:9978",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9978"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4840"
            },
            {
              "name": "RHBZ#2280249",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-06T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhosp-director: cleartext passwords exposed in logs",
          "x_redhatCweChain": "CWE-312: Cleartext Storage of Sensitive Information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-4840",
        "datePublished": "2024-05-13T22:16:39.899Z",
        "dateReserved": "2024-05-13T16:34:02.118Z",
        "dateUpdated": "2025-11-20T19:15:50.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4438 (GCVE-0-2024-4438)

    Vulnerability from nvd – Published: 2024-05-08 08:59 – Updated: 2025-11-20 07:31
    VLAI
    Title
    Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform
    Summary
    The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:2729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3352 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3467 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-4438 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2279365 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Unaffected: 3.3.23 (semver)
    Red Hat Red Hat OpenStack Platform 16.1 Unaffected: 0:3.3.23-16.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:16.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2 Unaffected: 0:3.3.23-16.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:16.2::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:3.4.26-8.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Date Public
    2024-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4438",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T15:51:24.572370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:33.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:40:47.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2729",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2729"
              },
              {
                "name": "RHSA-2024:3352",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3352"
              },
              {
                "name": "RHSA-2024:3467",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3467"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-4438"
              },
              {
                "name": "RHBZ#2279365",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279365"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/etcd-io/etcd",
              "defaultStatus": "unknown",
              "packageName": "etcd",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.3.23",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.23-16.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.23-16.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.26-8.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T07:31:01.238Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2729"
            },
            {
              "name": "RHSA-2024:3352",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3352"
            },
            {
              "name": "RHSA-2024:3467",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3467"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4438"
            },
            {
              "name": "RHBZ#2279365",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279365"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-06T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-06T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform",
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-4438",
        "datePublished": "2024-05-08T08:59:42.187Z",
        "dateReserved": "2024-05-02T16:28:57.490Z",
        "dateUpdated": "2025-11-20T07:31:01.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1394 (GCVE-0-2024-1394)

    Vulnerability from nvd – Published: 2024-03-21 12:16 – Updated: 2026-04-23 01:32
    VLAI
    Title
    Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
    Summary
    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:1462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1468 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1472 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1501 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1561 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1563 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1567 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1574 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1640 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1644 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1646 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1763 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1897 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2562 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2569 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2730 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2767 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3265 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3352 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4146 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4371 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4378 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4379 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4581 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4591 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4672 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4699 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4761 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4762 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5258 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5634 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7262 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7118 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-1394 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2262921 issue-trackingx_refsource_REDHAT
    https://github.com/golang-fips/openssl/commit/85d…
    https://github.com/golang-fips/openssl/security/a…
    https://github.com/microsoft/go-crypto-openssl/co…
    https://pkg.go.dev/vuln/GO-2024-2660
    https://vuln.go.dev/ID/GO-2024-2660.json
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:1.4.5-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:1.4.5-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Tools Unaffected: 0:1.19.13-6.el7_9 , < * (rpm)
        cpe:/a:redhat:devtools:2023::el7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8090020240313170136.26eb71ac , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:5.1.1-2.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:9.2.10-8.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:9.2.10-16.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240808093819.afee755d , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:101-2.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.12-2.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:9.2.10-8.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.1.1-2.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.21.9-2.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:9.2.10-16.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.1.1-2.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.33.7-3.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:4.9.4-5.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 6:0.7.3-4.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.14.3-3.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:1.4.0-4.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:1.1.12-3.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:132-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 2:4.2.0-4.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 1:1.0.1-6.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:1.19.13-7.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 2:4.4.1-20.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 1:1.23.4-5.2.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:0.16.0-2.2.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 1:1.4.0-1.1.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:1.25.0-2.2.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:2.14.0-5.2.rhaos4.12.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 3:4.2.0-7.2.rhaos4.12.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 3:1.1.6-5.2.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 2:1.9.4-3.2.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 1:1.29.1-2.2.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 1:1.4.0-1.1.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:1.26.5-11.1.rhaos4.13.git919cc6e.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:1.26.0-4.1.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:2.15.0-7.1.rhaos4.13.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 3:4.4.1-5.2.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 4:1.1.12-1.1.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 2:1.11.2-2.2.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:0.19.0-1.3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 1:1.4.0-1.2.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.0-3.1.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:2.16.2-2.1.rhaos4.14.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-11.3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 2:1.11.2-10.3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 1:1.29.1-10.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:0.19.0-1.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:2.1.7-3.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 1:1.4.0-1.3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.4-7.2.rhaos4.14.git082c52f.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.0-3.2.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:2.16.2-2.2.rhaos4.14.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-11.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 4:1.1.12-1.2.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 2:1.11.2-10.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202407300859-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 1:1.29.1-20.3.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:0.20.0-1.1.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 1:1.4.0-1.2.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:1.28.4-8.rhaos4.15.git24f50b9.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:1.28.0-3.1.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:2.16.2-2.1.rhaos4.15.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 3:4.4.1-21.1.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 4:1.1.12-1.1.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 2:1.11.2-21.2.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202407191425-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2 Unaffected: 0:3.3.23-16.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:16.2::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:0.2.1-3.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:3.4.26-8.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:0.2.1-3.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat RHODF-4.16-RHEL-9 Unaffected: v4.16.0-137 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Create a notification for this product.
    Red Hat RHODF-4.16-RHEL-9 Unaffected: v4.16.0-38 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Create a notification for this product.
    Red Hat NBDE Tang Server     cpe:/a:redhat:network_bound_disk_encryption_tang:1
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
    Create a notification for this product.
    Red Hat Red Hat Certification for Red Hat Enterprise Linux 8     cpe:/a:redhat:certifications:1::el8
    Create a notification for this product.
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Openshift Container Storage 4     cpe:/a:redhat:openshift_container_storage:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Create a notification for this product.
    Red Hat Red Hat Software Collections     cpe:/a:redhat:rhel_software_collections:3
    Create a notification for this product.
    Red Hat Red Hat Storage 3     cpe:/a:redhat:storage:3
    Create a notification for this product.
    Date Public
    2024-03-20 00:00
    Credits
    Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-21T18:21:05.099385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T13:50:55.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:20.583Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:1462",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1462"
              },
              {
                "name": "RHSA-2024:1468",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1468"
              },
              {
                "name": "RHSA-2024:1472",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1472"
              },
              {
                "name": "RHSA-2024:1501",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1501"
              },
              {
                "name": "RHSA-2024:1502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1502"
              },
              {
                "name": "RHSA-2024:1561",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1561"
              },
              {
                "name": "RHSA-2024:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1563"
              },
              {
                "name": "RHSA-2024:1566",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1566"
              },
              {
                "name": "RHSA-2024:1567",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1567"
              },
              {
                "name": "RHSA-2024:1574",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1574"
              },
              {
                "name": "RHSA-2024:1640",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1640"
              },
              {
                "name": "RHSA-2024:1644",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1644"
              },
              {
                "name": "RHSA-2024:1646",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1646"
              },
              {
                "name": "RHSA-2024:1763",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1763"
              },
              {
                "name": "RHSA-2024:1897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1897"
              },
              {
                "name": "RHSA-2024:2562",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2562"
              },
              {
                "name": "RHSA-2024:2568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2568"
              },
              {
                "name": "RHSA-2024:2569",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2569"
              },
              {
                "name": "RHSA-2024:2729",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2729"
              },
              {
                "name": "RHSA-2024:2730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2730"
              },
              {
                "name": "RHSA-2024:2767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2767"
              },
              {
                "name": "RHSA-2024:3265",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3265"
              },
              {
                "name": "RHSA-2024:3352",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3352"
              },
              {
                "name": "RHSA-2024:4146",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4146"
              },
              {
                "name": "RHSA-2024:4371",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4371"
              },
              {
                "name": "RHSA-2024:4378",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4378"
              },
              {
                "name": "RHSA-2024:4379",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4379"
              },
              {
                "name": "RHSA-2024:4502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4502"
              },
              {
                "name": "RHSA-2024:4581",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4581"
              },
              {
                "name": "RHSA-2024:4591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4591"
              },
              {
                "name": "RHSA-2024:4672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4672"
              },
              {
                "name": "RHSA-2024:4699",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4699"
              },
              {
                "name": "RHSA-2024:4761",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4761"
              },
              {
                "name": "RHSA-2024:4762",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4762"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-1394"
              },
              {
                "name": "RHBZ#2262921",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2024-2660"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuln.go.dev/ID/GO-2024-2660.json"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "receptor",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.5-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "receptor",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.5-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:devtools:2023::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "go-toolset-1.19-golang",
              "product": "Red Hat Developer Tools",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.19.13-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "go-toolset:rhel8",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8090020240313170136.26eb71ac",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana-pcp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.1-2.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.2.10-8.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.2.10-16.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "container-tools:rhel8",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240808093819.afee755d",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:101-2.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "golang",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.12-2.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.2.10-8.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana-pcp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.1-2.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "golang",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.21.9-2.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.2.10-16.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana-pcp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.1-2.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.33.7-3.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:4.9.4-5.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gvisor-tap-vsock",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "6:0.7.3-4.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.14.3-3.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-4.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:1.1.12-3.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:132-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:4.2.0-4.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.0.1-6.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "golang",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.19.13-7.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:4.4.1-20.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.23.4-5.2.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.16.0-2.2.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.1.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.25.0-2.2.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.0-5.2.rhaos4.12.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.2.0-7.2.rhaos4.12.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:1.1.6-5.2.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.9.4-3.2.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.29.1-2.2.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.1.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.26.0-4.1.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.15.0-7.1.rhaos4.13.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-5.2.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:1.1.12-1.1.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.2-2.2.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.19.0-1.3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.2.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.27.0-3.1.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.2-2.1.rhaos4.14.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ose-aws-ecr-image-credential-provider",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-11.3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.2-10.3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.29.1-10.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.19.0-1.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "conmon",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:2.1.7-3.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.27.0-3.2.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.2-2.2.rhaos4.14.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4-aws-iso",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-ansible",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-kuryr",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ose-aws-ecr-image-credential-provider",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-11.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:1.1.12-1.2.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.2-10.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "microshift",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202407300859-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.29.1-20.3.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.20.0-1.1.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.2.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.28.0-3.1.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.2-2.1.rhaos4.15.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ose-aws-ecr-image-credential-provider",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-21.1.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:1.1.12-1.1.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.2-21.2.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "microshift",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202407191425-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.23-16.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "collectd-sensubility",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.1-3.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.26-8.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "collectd-sensubility",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.1-3.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-operator-bundle",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-137",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-rhel9-operator",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-38",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:network_bound_disk_encryption_tang:1"
              ],
              "defaultStatus": "affected",
              "packageName": "tang-operator-bundle-container",
              "product": "NBDE Tang Server",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ocp_tools"
              ],
              "defaultStatus": "affected",
              "packageName": "helm",
              "product": "OpenShift Developer Tools and Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ocp_tools"
              ],
              "defaultStatus": "affected",
              "packageName": "odo",
              "product": "OpenShift Developer Tools and Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-pipelines-client",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-clients",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform"
              ],
              "defaultStatus": "affected",
              "packageName": "helm",
              "product": "Red Hat Ansible Automation Platform 1.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat Ansible Automation Platform 1.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:certifications:1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-certification-preflight",
              "product": "Red Hat Certification for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:certifications:9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-certification-preflight",
              "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "host-metering",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "rhc-worker-script",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/buildah",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/conmon",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/containernetworking-plugins",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/podman",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/runc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/skopeo",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/toolbox",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "git-lfs",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "weldr-client",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "git-lfs",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "toolbox",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "weldr-client",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon-rs",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "golang-github-prometheus-promu",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "lifecycle-agent-operator-bundle-container",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "openshift4/bare-metal-event-relay-operator-bundle",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/numaresources-operator-bundle",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-cluster-machine-approver-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_container_storage:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "mcg",
              "product": "Red Hat Openshift Container Storage 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/machineexec-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-operator-bundle",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_service_on_aws:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rosa",
              "product": "Red Hat OpenShift on AWS",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kubevirt",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unknown",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-qpid-apache",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qpid-proton",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-github-infrawatch-apputils",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-qpid-apache",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qpid-proton",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-github-infrawatch-apputils",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-qpid-apache",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qpid-proton",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_interconnect:1"
              ],
              "defaultStatus": "affected",
              "packageName": "qpid-proton",
              "product": "Red Hat Service Interconnect 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_interconnect:1"
              ],
              "defaultStatus": "affected",
              "packageName": "skupper-cli",
              "product": "Red Hat Service Interconnect 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_interconnect:1"
              ],
              "defaultStatus": "affected",
              "packageName": "skupper-router",
              "product": "Red Hat Service Interconnect 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_software_collections:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-git227-git-lfs",
              "product": "Red Hat Software Collections",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:storage:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "heketi",
              "product": "Red Hat Storage 3",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue."
            }
          ],
          "datePublic": "2024-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T01:32:06.267Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:1462",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1462"
            },
            {
              "name": "RHSA-2024:1468",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1468"
            },
            {
              "name": "RHSA-2024:1472",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1472"
            },
            {
              "name": "RHSA-2024:1501",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1501"
            },
            {
              "name": "RHSA-2024:1502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1502"
            },
            {
              "name": "RHSA-2024:1561",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1561"
            },
            {
              "name": "RHSA-2024:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1563"
            },
            {
              "name": "RHSA-2024:1566",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1566"
            },
            {
              "name": "RHSA-2024:1567",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1567"
            },
            {
              "name": "RHSA-2024:1574",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1574"
            },
            {
              "name": "RHSA-2024:1640",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1640"
            },
            {
              "name": "RHSA-2024:1644",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1644"
            },
            {
              "name": "RHSA-2024:1646",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1646"
            },
            {
              "name": "RHSA-2024:1763",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1763"
            },
            {
              "name": "RHSA-2024:1897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1897"
            },
            {
              "name": "RHSA-2024:2562",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2562"
            },
            {
              "name": "RHSA-2024:2568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2568"
            },
            {
              "name": "RHSA-2024:2569",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2569"
            },
            {
              "name": "RHSA-2024:2729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2729"
            },
            {
              "name": "RHSA-2024:2730",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2730"
            },
            {
              "name": "RHSA-2024:2767",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2767"
            },
            {
              "name": "RHSA-2024:3265",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3265"
            },
            {
              "name": "RHSA-2024:3352",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3352"
            },
            {
              "name": "RHSA-2024:4146",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4146"
            },
            {
              "name": "RHSA-2024:4371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4371"
            },
            {
              "name": "RHSA-2024:4378",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4378"
            },
            {
              "name": "RHSA-2024:4379",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4379"
            },
            {
              "name": "RHSA-2024:4502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4502"
            },
            {
              "name": "RHSA-2024:4581",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4581"
            },
            {
              "name": "RHSA-2024:4591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4591"
            },
            {
              "name": "RHSA-2024:4672",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4672"
            },
            {
              "name": "RHSA-2024:4699",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4699"
            },
            {
              "name": "RHSA-2024:4761",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4761"
            },
            {
              "name": "RHSA-2024:4762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4762"
            },
            {
              "name": "RHSA-2024:4960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4960"
            },
            {
              "name": "RHSA-2024:5258",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5258"
            },
            {
              "name": "RHSA-2024:5634",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5634"
            },
            {
              "name": "RHSA-2024:7262",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7262"
            },
            {
              "name": "RHSA-2025:7118",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7118"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-1394"
            },
            {
              "name": "RHBZ#2262921",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921"
            },
            {
              "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136"
            },
            {
              "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6"
            },
            {
              "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2024-2660"
            },
            {
              "url": "https://vuln.go.dev/ID/GO-2024-2660.json"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-06T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-03-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-1394",
        "datePublished": "2024-03-21T12:16:38.790Z",
        "dateReserved": "2024-02-09T06:02:35.056Z",
        "dateUpdated": "2026-04-23T01:32:06.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6725 (GCVE-0-2023-6725)

    Vulnerability from nvd – Published: 2024-03-15 12:38 – Updated: 2026-02-25 18:20
    VLAI
    Title
    Tripleo-ansible: bind keys are world readable
    Summary
    An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:2736 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2770 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6725 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2249273 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:14.3.1-17.1.20231103003762.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:3.3.1-17.1.20231101233754.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:14.3.1-17.1.20231103010840.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:3.3.1-17.1.20231101230831.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Date Public
    2024-03-15 00:00
    Credits
    This issue was discovered by Michael Johnson (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2736",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2736"
              },
              {
                "name": "RHSA-2024:2770",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2770"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6725"
              },
              {
                "name": "RHBZ#2249273",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249273"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6725",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-15T16:37:30.842696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T20:40:29.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-heat-templates",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:14.3.1-17.1.20231103003762.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "tripleo-ansible",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.1-17.1.20231101233754.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-heat-templates",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:14.3.1-17.1.20231103010840.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "tripleo-ansible",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.1-17.1.20231101230831.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openstack-designate",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openstack-designate",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-designate",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openstack-designate",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Michael Johnson (Red Hat)."
            }
          ],
          "datePublic": "2024-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:20:14.710Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2736",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2736"
            },
            {
              "name": "RHSA-2024:2770",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2770"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6725"
            },
            {
              "name": "RHBZ#2249273",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249273"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-03-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Tripleo-ansible: bind keys are world readable",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6725",
        "datePublished": "2024-03-15T12:38:23.158Z",
        "dateReserved": "2023-12-12T09:57:13.700Z",
        "dateUpdated": "2026-02-25T18:20:14.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1141 (GCVE-0-2024-1141)

    Vulnerability from nvd – Published: 2024-02-01 14:21 – Updated: 2025-11-20 18:21
    VLAI
    Title
    Glance-store: glance store access key logged in debug log level
    Summary
    A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-779 - Logging of Excessive Data
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:2732 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-1141 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2258836 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 4.7.0 (custom)
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:2.5.1-17.1.20230621023901.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Date Public
    2024-01-17 00:00
    Credits
    Red Hat would like to thank Lujie (ICT) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-01T20:50:59.471008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:00:46.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2732",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2732"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-1141"
              },
              {
                "name": "RHBZ#2258836",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258836"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openstack/glance_store/",
              "defaultStatus": "unaffected",
              "packageName": "glance-store",
              "versions": [
                {
                  "lessThan": "4.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-glance-store",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.1-17.1.20230621023901.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unknown",
              "packageName": "python-glance-store",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "unknown",
              "packageName": "python-glance-store",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "python-glance-store",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Lujie (ICT) for reporting this issue."
            }
          ],
          "datePublic": "2024-01-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-779",
                  "description": "Logging of Excessive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:21:09.704Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2732",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2732"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-1141"
            },
            {
              "name": "RHBZ#2258836",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258836"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-17T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-17T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glance-store: glance store access key logged in debug log level",
          "workarounds": [
            {
              "lang": "en",
              "value": "Avoid leaving the DEBUG log level enabled in critical environments."
            }
          ],
          "x_redhatCweChain": "CWE-779: Logging of Excessive Data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-1141",
        "datePublished": "2024-02-01T14:21:37.758Z",
        "dateReserved": "2024-02-01T00:47:57.686Z",
        "dateUpdated": "2025-11-20T18:21:09.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5625 (GCVE-0-2023-5625)

    Vulnerability from nvd – Published: 2023-11-01 13:28 – Updated: 2025-11-20 18:06
    VLAI
    Title
    Python-eventlet: patch regression for cve-2021-21419 in some red hat builds
    Summary
    A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:6128 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0188 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0213 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-5625 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2244717 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Ironic content for Red Hat OpenShift Container Platform 4.12 Unaffected: 0:0.30.2-4.el9 , < * (rpm)
        cpe:/a:redhat:openshift_ironic:4.12::el9
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:0.30.2-4.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:0.30.2-4.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Date Public
    2023-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5625",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T20:10:57.417193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T20:14:12.227Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.226Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:6128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:6128"
              },
              {
                "name": "RHSA-2024:0188",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0188"
              },
              {
                "name": "RHSA-2024:0213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0213"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5625"
              },
              {
                "name": "RHBZ#2244717",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244717"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ironic:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-eventlet",
              "product": "Ironic content for Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.30.2-4.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-eventlet",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.30.2-4.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-eventlet",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.30.2-4.el9ost",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2023-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:06:27.969Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:6128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:6128"
            },
            {
              "name": "RHSA-2024:0188",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0188"
            },
            {
              "name": "RHSA-2024:0213",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0213"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5625"
            },
            {
              "name": "RHBZ#2244717",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244717"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-17T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-10-17T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Python-eventlet: patch regression for cve-2021-21419 in some red hat builds",
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5625",
        "datePublished": "2023-11-01T13:28:10.190Z",
        "dateReserved": "2023-10-17T22:35:25.280Z",
        "dateUpdated": "2025-11-20T18:06:27.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6110 (GCVE-0-2023-6110)

    Vulnerability from cvelistv5 – Published: 2024-11-17 10:22 – Updated: 2024-12-05 20:30
    VLAI
    Title
    Openstack: deleting a non existing access rule deletes another existing access rule in it's scope
    Summary
    A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-237 - Improper Handling of Structural Elements
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:5.5.2-17.1.20230829213816.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:5.5.2-17.1.20230829210830.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.0     cpe:/a:redhat:openstack:17.0
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Date Public
    2024-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-17T16:17:28.263809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:38:40.898Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-openstackclient",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.5.2-17.1.20230829213816.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-openstackclient",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.5.2-17.1.20230829210830.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it\u0027s scope, it deletes other existing access rules which are not associated with any application credentials."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-237",
                  "description": "Improper Handling of Structural Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-05T20:30:27.043Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2737"
            },
            {
              "name": "RHSA-2024:2769",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2769"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6110"
            },
            {
              "name": "RHBZ#2212960",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960"
            },
            {
              "url": "https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf"
            },
            {
              "url": "https://review.opendev.org/c/openstack/python-openstackclient/+/888697"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openstack: deleting a non existing access rule deletes another existing access rule in it\u0027s scope",
          "x_redhatCweChain": "CWE-237: Improper Handling of Structural Elements"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6110",
        "datePublished": "2024-11-17T10:22:34.776Z",
        "dateReserved": "2023-11-13T19:27:25.305Z",
        "dateUpdated": "2024-12-05T20:30:27.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9902 (GCVE-0-2024-9902)

    Vulnerability from cvelistv5 – Published: 2024-11-06 09:56 – Updated: 2025-11-06 23:17
    VLAI
    Title
    Ansible-core: ansible-core user may read/write unauthorized content
    Summary
    A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.14.18rc1 (custom)
    Affected: 2.15.0b1 , < 2.15.13rc1 (custom)
    Affected: 2.16.0b1 , < 2.16.13rc1 (custom)
    Affected: 2.17.0b1 , < 2.17.6rc1 (custom)
    Affected: 2.18.0b1 , < 2.18.0rc2 (custom)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-96 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-95 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-32 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.14.13-21 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.17.6-2 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:2.14.2-4.6.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Date Public
    2024-11-06 06:11
    Credits
    Red Hat would like to thank Matt Clay for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T14:20:56.915379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:21:06.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:33:34.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThan": "2.14.18rc1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.15.13rc1",
                  "status": "affected",
                  "version": "2.15.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.16.13rc1",
                  "status": "affected",
                  "version": "2.16.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.17.6rc1",
                  "status": "affected",
                  "version": "2.17.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.18.0rc2",
                  "status": "affected",
                  "version": "2.18.0b1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-96",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-95",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-32",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.14.13-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.17.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-ansible-core",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.2-4.6.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Matt Clay for reporting this issue."
            }
          ],
          "datePublic": "2024-11-06T06:11:25.611Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T23:17:23.106Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10762"
            },
            {
              "name": "RHSA-2024:8969",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8969"
            },
            {
              "name": "RHSA-2024:9894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9894"
            },
            {
              "name": "RHSA-2025:1861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1861"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-9902"
            },
            {
              "name": "RHBZ#2318271",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-12T02:41:32.581Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-11-06T06:11:25.611Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: ansible-core user may read/write unauthorized content",
          "workarounds": [
            {
              "lang": "en",
              "value": "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent"
            }
          ],
          "x_redhatCweChain": "CWE-863: Incorrect Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-9902",
        "datePublished": "2024-11-06T09:56:54.505Z",
        "dateReserved": "2024-10-12T02:46:57.580Z",
        "dateUpdated": "2025-11-06T23:17:23.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8007 (GCVE-0-2024-8007)

    Vulnerability from cvelistv5 – Published: 2024-08-21 13:40 – Updated: 2026-02-25 20:32
    VLAI
    Title
    Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors
    Summary
    A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:9990 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:9991 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-8007 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2305975 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Unaffected: 47e64de0d4025ce95ebbe522aa77223cc319c7b2 , < * (git)
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:15.4.1-17.1.20240911093743.e5b18f2.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:16.5.1-17.1.20240913093745.f3599d0.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:15.4.1-17.1.20240911100820.e5b18f2.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:16.5.1-17.1.20240913100806.f3599d0.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Date Public
    2024-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8007",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T15:06:21.421622Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T15:06:57.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://code.engineering.redhat.com/gerrit/openstack-tripleo-common",
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-common",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "47e64de0d4025ce95ebbe522aa77223cc319c7b2",
                  "versionType": "git"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-common",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:15.4.1-17.1.20240911093743.e5b18f2.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-tripleoclient",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:16.5.1-17.1.20240913093745.f3599d0.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-common",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:15.4.1-17.1.20240911100820.e5b18f2.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-tripleoclient",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:16.5.1-17.1.20240913100806.f3599d0.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-tripleo-common",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-common",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T20:32:06.710Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:9990",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9990"
            },
            {
              "name": "RHSA-2024:9991",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9991"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-8007"
            },
            {
              "name": "RHBZ#2305975",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305975"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-20T10:54:54.042Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-08-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-295: Improper Certificate Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-8007",
        "datePublished": "2024-08-21T13:40:25.242Z",
        "dateReserved": "2024-08-20T11:09:27.802Z",
        "dateUpdated": "2026-02-25T20:32:06.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4840 (GCVE-0-2024-4840)

    Vulnerability from cvelistv5 – Published: 2024-05-13 22:16 – Updated: 2025-11-20 19:15
    VLAI
    Title
    Rhosp-director: cleartext passwords exposed in logs
    Summary
    An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:9978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-4840 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2280249 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Unaffected: 14.3.1-17.1.20240528170747.e7c7ce3.el9ost (rpm)
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:14.3.1-17.1.20240919130756.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Date Public
    2024-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T19:32:24.426737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T15:59:59.529Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:55:09.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-4840"
              },
              {
                "name": "RHBZ#2280249",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openstack-archive/tripleo-heat-templates",
              "packageName": "openstack-tripleo-heat-templates",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.3.1-17.1.20240528170747.e7c7ce3.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-heat-templates",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:14.3.1-17.1.20240919130756.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-director",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:15:50.057Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:9978",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9978"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4840"
            },
            {
              "name": "RHBZ#2280249",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-06T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhosp-director: cleartext passwords exposed in logs",
          "x_redhatCweChain": "CWE-312: Cleartext Storage of Sensitive Information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-4840",
        "datePublished": "2024-05-13T22:16:39.899Z",
        "dateReserved": "2024-05-13T16:34:02.118Z",
        "dateUpdated": "2025-11-20T19:15:50.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4438 (GCVE-0-2024-4438)

    Vulnerability from cvelistv5 – Published: 2024-05-08 08:59 – Updated: 2025-11-20 07:31
    VLAI
    Title
    Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform
    Summary
    The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:2729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3352 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3467 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-4438 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2279365 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Unaffected: 3.3.23 (semver)
    Red Hat Red Hat OpenStack Platform 16.1 Unaffected: 0:3.3.23-16.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:16.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2 Unaffected: 0:3.3.23-16.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:16.2::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:3.4.26-8.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Date Public
    2024-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4438",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T15:51:24.572370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:33.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:40:47.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2729",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2729"
              },
              {
                "name": "RHSA-2024:3352",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3352"
              },
              {
                "name": "RHSA-2024:3467",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3467"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-4438"
              },
              {
                "name": "RHBZ#2279365",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279365"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/etcd-io/etcd",
              "defaultStatus": "unknown",
              "packageName": "etcd",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.3.23",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.23-16.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.23-16.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.26-8.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T07:31:01.238Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2729"
            },
            {
              "name": "RHSA-2024:3352",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3352"
            },
            {
              "name": "RHSA-2024:3467",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3467"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4438"
            },
            {
              "name": "RHBZ#2279365",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279365"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-06T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-06T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform",
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-4438",
        "datePublished": "2024-05-08T08:59:42.187Z",
        "dateReserved": "2024-05-02T16:28:57.490Z",
        "dateUpdated": "2025-11-20T07:31:01.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1394 (GCVE-0-2024-1394)

    Vulnerability from cvelistv5 – Published: 2024-03-21 12:16 – Updated: 2026-04-23 01:32
    VLAI
    Title
    Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
    Summary
    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:1462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1468 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1472 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1501 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1561 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1563 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1567 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1574 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1640 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1644 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1646 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1763 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1897 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2562 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2569 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2730 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2767 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3265 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3352 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4146 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4371 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4378 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4379 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4581 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4591 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4672 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4699 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4761 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4762 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5258 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5634 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7262 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7118 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-1394 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2262921 issue-trackingx_refsource_REDHAT
    https://github.com/golang-fips/openssl/commit/85d…
    https://github.com/golang-fips/openssl/security/a…
    https://github.com/microsoft/go-crypto-openssl/co…
    https://pkg.go.dev/vuln/GO-2024-2660
    https://vuln.go.dev/ID/GO-2024-2660.json
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:1.4.5-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:1.4.5-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Tools Unaffected: 0:1.19.13-6.el7_9 , < * (rpm)
        cpe:/a:redhat:devtools:2023::el7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8090020240313170136.26eb71ac , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:5.1.1-2.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:9.2.10-8.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:9.2.10-16.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240808093819.afee755d , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:101-2.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.12-2.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:9.2.10-8.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.1.1-2.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.21.9-2.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:9.2.10-16.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.1.1-2.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.33.7-3.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:4.9.4-5.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 6:0.7.3-4.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.14.3-3.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:1.4.0-4.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:1.1.12-3.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:132-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 2:4.2.0-4.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 1:1.0.1-6.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:1.19.13-7.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 2:4.4.1-20.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 1:1.23.4-5.2.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:0.16.0-2.2.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 1:1.4.0-1.1.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:1.25.0-2.2.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:2.14.0-5.2.rhaos4.12.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 3:4.2.0-7.2.rhaos4.12.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 3:1.1.6-5.2.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 2:1.9.4-3.2.rhaos4.12.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 1:1.29.1-2.2.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 1:1.4.0-1.1.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:1.26.5-11.1.rhaos4.13.git919cc6e.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:1.26.0-4.1.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:2.15.0-7.1.rhaos4.13.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 3:4.4.1-5.2.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 4:1.1.12-1.1.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 2:1.11.2-2.2.rhaos4.13.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:0.19.0-1.3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 1:1.4.0-1.2.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.0-3.1.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:2.16.2-2.1.rhaos4.14.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-11.3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 2:1.11.2-10.3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 1:1.29.1-10.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:0.19.0-1.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:2.1.7-3.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 1:1.4.0-1.3.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.4-7.2.rhaos4.14.git082c52f.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.0-3.2.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:2.16.2-2.2.rhaos4.14.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-11.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 4:1.1.12-1.2.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 2:1.11.2-10.4.rhaos4.14.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202407300859-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 1:1.29.1-20.3.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:0.20.0-1.1.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 1:1.4.0-1.2.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:1.28.4-8.rhaos4.15.git24f50b9.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:1.28.0-3.1.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:2.16.2-2.1.rhaos4.15.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 3:4.4.1-21.1.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 4:1.1.12-1.1.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 2:1.11.2-21.2.rhaos4.15.el8 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202407191425-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
        cpe:/a:redhat:openshift:4.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2 Unaffected: 0:3.3.23-16.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:16.2::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:0.2.1-3.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:3.4.26-8.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:0.2.1-3.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat RHODF-4.16-RHEL-9 Unaffected: v4.16.0-137 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Create a notification for this product.
    Red Hat RHODF-4.16-RHEL-9 Unaffected: v4.16.0-38 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Create a notification for this product.
    Red Hat NBDE Tang Server     cpe:/a:redhat:network_bound_disk_encryption_tang:1
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
    Create a notification for this product.
    Red Hat Red Hat Certification for Red Hat Enterprise Linux 8     cpe:/a:redhat:certifications:1::el8
    Create a notification for this product.
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Openshift Container Storage 4     cpe:/a:redhat:openshift_container_storage:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Create a notification for this product.
    Red Hat Red Hat Software Collections     cpe:/a:redhat:rhel_software_collections:3
    Create a notification for this product.
    Red Hat Red Hat Storage 3     cpe:/a:redhat:storage:3
    Create a notification for this product.
    Date Public
    2024-03-20 00:00
    Credits
    Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-21T18:21:05.099385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T13:50:55.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:20.583Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:1462",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1462"
              },
              {
                "name": "RHSA-2024:1468",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1468"
              },
              {
                "name": "RHSA-2024:1472",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1472"
              },
              {
                "name": "RHSA-2024:1501",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1501"
              },
              {
                "name": "RHSA-2024:1502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1502"
              },
              {
                "name": "RHSA-2024:1561",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1561"
              },
              {
                "name": "RHSA-2024:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1563"
              },
              {
                "name": "RHSA-2024:1566",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1566"
              },
              {
                "name": "RHSA-2024:1567",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1567"
              },
              {
                "name": "RHSA-2024:1574",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1574"
              },
              {
                "name": "RHSA-2024:1640",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1640"
              },
              {
                "name": "RHSA-2024:1644",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1644"
              },
              {
                "name": "RHSA-2024:1646",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1646"
              },
              {
                "name": "RHSA-2024:1763",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1763"
              },
              {
                "name": "RHSA-2024:1897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1897"
              },
              {
                "name": "RHSA-2024:2562",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2562"
              },
              {
                "name": "RHSA-2024:2568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2568"
              },
              {
                "name": "RHSA-2024:2569",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2569"
              },
              {
                "name": "RHSA-2024:2729",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2729"
              },
              {
                "name": "RHSA-2024:2730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2730"
              },
              {
                "name": "RHSA-2024:2767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2767"
              },
              {
                "name": "RHSA-2024:3265",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3265"
              },
              {
                "name": "RHSA-2024:3352",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3352"
              },
              {
                "name": "RHSA-2024:4146",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4146"
              },
              {
                "name": "RHSA-2024:4371",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4371"
              },
              {
                "name": "RHSA-2024:4378",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4378"
              },
              {
                "name": "RHSA-2024:4379",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4379"
              },
              {
                "name": "RHSA-2024:4502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4502"
              },
              {
                "name": "RHSA-2024:4581",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4581"
              },
              {
                "name": "RHSA-2024:4591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4591"
              },
              {
                "name": "RHSA-2024:4672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4672"
              },
              {
                "name": "RHSA-2024:4699",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4699"
              },
              {
                "name": "RHSA-2024:4761",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4761"
              },
              {
                "name": "RHSA-2024:4762",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4762"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-1394"
              },
              {
                "name": "RHBZ#2262921",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2024-2660"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuln.go.dev/ID/GO-2024-2660.json"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "receptor",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.5-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "receptor",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.5-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:devtools:2023::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "go-toolset-1.19-golang",
              "product": "Red Hat Developer Tools",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.19.13-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "go-toolset:rhel8",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8090020240313170136.26eb71ac",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana-pcp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.1-2.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.2.10-8.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.2.10-16.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "container-tools:rhel8",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240808093819.afee755d",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:101-2.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "golang",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.12-2.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.2.10-8.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana-pcp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.1-2.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "golang",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.21.9-2.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.2.10-16.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana-pcp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.1-2.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.33.7-3.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:4.9.4-5.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gvisor-tap-vsock",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "6:0.7.3-4.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.14.3-3.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-4.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:1.1.12-3.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "osbuild-composer",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:132-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:4.2.0-4.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.0.1-6.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "golang",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.19.13-7.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:4.4.1-20.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.23.4-5.2.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.16.0-2.2.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.1.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.25.0-2.2.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.0-5.2.rhaos4.12.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.2.0-7.2.rhaos4.12.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:1.1.6-5.2.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.9.4-3.2.rhaos4.12.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.29.1-2.2.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.1.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.26.0-4.1.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.15.0-7.1.rhaos4.13.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-5.2.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:1.1.12-1.1.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.2-2.2.rhaos4.13.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.19.0-1.3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.2.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.27.0-3.1.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.2-2.1.rhaos4.14.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ose-aws-ecr-image-credential-provider",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-11.3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.2-10.3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.29.1-10.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.19.0-1.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "conmon",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:2.1.7-3.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.3.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.27.0-3.2.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.2-2.2.rhaos4.14.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4-aws-iso",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-ansible",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-kuryr",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ose-aws-ecr-image-credential-provider",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-11.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:1.1.12-1.2.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.2-10.4.rhaos4.14.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "microshift",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202407300859-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "buildah",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.29.1-20.3.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.20.0-1.1.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:1.4.0-1.2.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-o",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "cri-tools",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.28.0-3.1.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.2-2.1.rhaos4.15.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ose-aws-ecr-image-credential-provider",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "podman",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3:4.4.1-21.1.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "runc",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4:1.1.12-1.1.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "skopeo",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:1.11.2-21.2.rhaos4.15.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "microshift",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9",
                "cpe:/a:redhat:openshift:4.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202407191425-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.23-16.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "collectd-sensubility",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.1-3.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.26-8.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "collectd-sensubility",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.1-3.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-operator-bundle",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-137",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-rhel9-operator",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-38",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:network_bound_disk_encryption_tang:1"
              ],
              "defaultStatus": "affected",
              "packageName": "tang-operator-bundle-container",
              "product": "NBDE Tang Server",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ocp_tools"
              ],
              "defaultStatus": "affected",
              "packageName": "helm",
              "product": "OpenShift Developer Tools and Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ocp_tools"
              ],
              "defaultStatus": "affected",
              "packageName": "odo",
              "product": "OpenShift Developer Tools and Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-pipelines-client",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-clients",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform"
              ],
              "defaultStatus": "affected",
              "packageName": "helm",
              "product": "Red Hat Ansible Automation Platform 1.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-clients",
              "product": "Red Hat Ansible Automation Platform 1.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:certifications:1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-certification-preflight",
              "product": "Red Hat Certification for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:certifications:9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-certification-preflight",
              "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "buildah",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "containernetworking-plugins",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "host-metering",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "podman",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "rhc-worker-script",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "skopeo",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/buildah",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/conmon",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/containernetworking-plugins",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/podman",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/runc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/skopeo",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "container-tools:4.0/toolbox",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "git-lfs",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "weldr-client",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "butane",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "git-lfs",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "ignition",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "toolbox",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "weldr-client",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "conmon-rs",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "golang-github-prometheus-promu",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "lifecycle-agent-operator-bundle-container",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "openshift4/bare-metal-event-relay-operator-bundle",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/numaresources-operator-bundle",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-cluster-machine-approver-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_container_storage:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "mcg",
              "product": "Red Hat Openshift Container Storage 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/machineexec-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-operator-bundle",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_service_on_aws:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rosa",
              "product": "Red Hat OpenShift on AWS",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:container_native_virtualization:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kubevirt",
              "product": "Red Hat OpenShift Virtualization 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unknown",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-qpid-apache",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qpid-proton",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-github-infrawatch-apputils",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-qpid-apache",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qpid-proton",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-github-infrawatch-apputils",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "golang-qpid-apache",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qpid-proton",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "etcd",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_interconnect:1"
              ],
              "defaultStatus": "affected",
              "packageName": "qpid-proton",
              "product": "Red Hat Service Interconnect 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_interconnect:1"
              ],
              "defaultStatus": "affected",
              "packageName": "skupper-cli",
              "product": "Red Hat Service Interconnect 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_interconnect:1"
              ],
              "defaultStatus": "affected",
              "packageName": "skupper-router",
              "product": "Red Hat Service Interconnect 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_software_collections:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-git227-git-lfs",
              "product": "Red Hat Software Collections",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:storage:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "heketi",
              "product": "Red Hat Storage 3",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue."
            }
          ],
          "datePublic": "2024-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T01:32:06.267Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:1462",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1462"
            },
            {
              "name": "RHSA-2024:1468",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1468"
            },
            {
              "name": "RHSA-2024:1472",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1472"
            },
            {
              "name": "RHSA-2024:1501",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1501"
            },
            {
              "name": "RHSA-2024:1502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1502"
            },
            {
              "name": "RHSA-2024:1561",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1561"
            },
            {
              "name": "RHSA-2024:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1563"
            },
            {
              "name": "RHSA-2024:1566",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1566"
            },
            {
              "name": "RHSA-2024:1567",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1567"
            },
            {
              "name": "RHSA-2024:1574",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1574"
            },
            {
              "name": "RHSA-2024:1640",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1640"
            },
            {
              "name": "RHSA-2024:1644",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1644"
            },
            {
              "name": "RHSA-2024:1646",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1646"
            },
            {
              "name": "RHSA-2024:1763",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1763"
            },
            {
              "name": "RHSA-2024:1897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1897"
            },
            {
              "name": "RHSA-2024:2562",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2562"
            },
            {
              "name": "RHSA-2024:2568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2568"
            },
            {
              "name": "RHSA-2024:2569",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2569"
            },
            {
              "name": "RHSA-2024:2729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2729"
            },
            {
              "name": "RHSA-2024:2730",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2730"
            },
            {
              "name": "RHSA-2024:2767",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2767"
            },
            {
              "name": "RHSA-2024:3265",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3265"
            },
            {
              "name": "RHSA-2024:3352",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3352"
            },
            {
              "name": "RHSA-2024:4146",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4146"
            },
            {
              "name": "RHSA-2024:4371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4371"
            },
            {
              "name": "RHSA-2024:4378",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4378"
            },
            {
              "name": "RHSA-2024:4379",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4379"
            },
            {
              "name": "RHSA-2024:4502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4502"
            },
            {
              "name": "RHSA-2024:4581",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4581"
            },
            {
              "name": "RHSA-2024:4591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4591"
            },
            {
              "name": "RHSA-2024:4672",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4672"
            },
            {
              "name": "RHSA-2024:4699",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4699"
            },
            {
              "name": "RHSA-2024:4761",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4761"
            },
            {
              "name": "RHSA-2024:4762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4762"
            },
            {
              "name": "RHSA-2024:4960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4960"
            },
            {
              "name": "RHSA-2024:5258",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5258"
            },
            {
              "name": "RHSA-2024:5634",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5634"
            },
            {
              "name": "RHSA-2024:7262",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7262"
            },
            {
              "name": "RHSA-2025:7118",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7118"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-1394"
            },
            {
              "name": "RHBZ#2262921",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921"
            },
            {
              "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136"
            },
            {
              "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6"
            },
            {
              "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2024-2660"
            },
            {
              "url": "https://vuln.go.dev/ID/GO-2024-2660.json"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-06T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-03-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-1394",
        "datePublished": "2024-03-21T12:16:38.790Z",
        "dateReserved": "2024-02-09T06:02:35.056Z",
        "dateUpdated": "2026-04-23T01:32:06.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6725 (GCVE-0-2023-6725)

    Vulnerability from cvelistv5 – Published: 2024-03-15 12:38 – Updated: 2026-02-25 18:20
    VLAI
    Title
    Tripleo-ansible: bind keys are world readable
    Summary
    An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:2736 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2770 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6725 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2249273 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:14.3.1-17.1.20231103003762.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:3.3.1-17.1.20231101233754.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:14.3.1-17.1.20231103010840.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:3.3.1-17.1.20231101230831.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Date Public
    2024-03-15 00:00
    Credits
    This issue was discovered by Michael Johnson (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2736",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2736"
              },
              {
                "name": "RHSA-2024:2770",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2770"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6725"
              },
              {
                "name": "RHBZ#2249273",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249273"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6725",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-15T16:37:30.842696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T20:40:29.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-heat-templates",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:14.3.1-17.1.20231103003762.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "tripleo-ansible",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.1-17.1.20231101233754.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-tripleo-heat-templates",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:14.3.1-17.1.20231103010840.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "tripleo-ansible",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.1-17.1.20231101230831.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openstack-designate",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openstack-designate",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-designate",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openstack-designate",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Michael Johnson (Red Hat)."
            }
          ],
          "datePublic": "2024-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:20:14.710Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2736",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2736"
            },
            {
              "name": "RHSA-2024:2770",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2770"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6725"
            },
            {
              "name": "RHBZ#2249273",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249273"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-03-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Tripleo-ansible: bind keys are world readable",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6725",
        "datePublished": "2024-03-15T12:38:23.158Z",
        "dateReserved": "2023-12-12T09:57:13.700Z",
        "dateUpdated": "2026-02-25T18:20:14.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1141 (GCVE-0-2024-1141)

    Vulnerability from cvelistv5 – Published: 2024-02-01 14:21 – Updated: 2025-11-20 18:21
    VLAI
    Title
    Glance-store: glance store access key logged in debug log level
    Summary
    A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-779 - Logging of Excessive Data
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:2732 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-1141 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2258836 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 4.7.0 (custom)
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:2.5.1-17.1.20230621023901.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.1     cpe:/a:redhat:openstack:16.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Date Public
    2024-01-17 00:00
    Credits
    Red Hat would like to thank Lujie (ICT) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-01T20:50:59.471008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:00:46.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2732",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2732"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-1141"
              },
              {
                "name": "RHBZ#2258836",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258836"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openstack/glance_store/",
              "defaultStatus": "unaffected",
              "packageName": "glance-store",
              "versions": [
                {
                  "lessThan": "4.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-glance-store",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.1-17.1.20230621023901.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "unknown",
              "packageName": "python-glance-store",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "unknown",
              "packageName": "python-glance-store",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "python-glance-store",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Lujie (ICT) for reporting this issue."
            }
          ],
          "datePublic": "2024-01-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-779",
                  "description": "Logging of Excessive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:21:09.704Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2732",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2732"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-1141"
            },
            {
              "name": "RHBZ#2258836",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258836"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-17T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-17T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glance-store: glance store access key logged in debug log level",
          "workarounds": [
            {
              "lang": "en",
              "value": "Avoid leaving the DEBUG log level enabled in critical environments."
            }
          ],
          "x_redhatCweChain": "CWE-779: Logging of Excessive Data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-1141",
        "datePublished": "2024-02-01T14:21:37.758Z",
        "dateReserved": "2024-02-01T00:47:57.686Z",
        "dateUpdated": "2025-11-20T18:21:09.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5625 (GCVE-0-2023-5625)

    Vulnerability from cvelistv5 – Published: 2023-11-01 13:28 – Updated: 2025-11-20 18:06
    VLAI
    Title
    Python-eventlet: patch regression for cve-2021-21419 in some red hat builds
    Summary
    A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:6128 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0188 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0213 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-5625 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2244717 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Ironic content for Red Hat OpenShift Container Platform 4.12 Unaffected: 0:0.30.2-4.el9 , < * (rpm)
        cpe:/a:redhat:openshift_ironic:4.12::el9
        cpe:/a:redhat:openshift:4.12::el9
        cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8 Unaffected: 0:0.30.2-4.el8ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:0.30.2-4.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Date Public
    2023-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5625",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T20:10:57.417193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T20:14:12.227Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.226Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:6128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:6128"
              },
              {
                "name": "RHSA-2024:0188",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0188"
              },
              {
                "name": "RHSA-2024:0213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0213"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5625"
              },
              {
                "name": "RHBZ#2244717",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244717"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ironic:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el9",
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-eventlet",
              "product": "Ironic content for Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.30.2-4.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-eventlet",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.30.2-4.el8ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-eventlet",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.30.2-4.el9ost",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2023-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:06:27.969Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:6128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:6128"
            },
            {
              "name": "RHSA-2024:0188",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0188"
            },
            {
              "name": "RHSA-2024:0213",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0213"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5625"
            },
            {
              "name": "RHBZ#2244717",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244717"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-17T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-10-17T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Python-eventlet: patch regression for cve-2021-21419 in some red hat builds",
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5625",
        "datePublished": "2023-11-01T13:28:10.190Z",
        "dateReserved": "2023-10-17T22:35:25.280Z",
        "dateUpdated": "2025-11-20T18:06:27.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }