Vulnerability-Lookup

CVE-2018-1002105 (GCVE-0-2018-1002105)

Vulnerability from cvelistv5 – Published: 2018-12-05 21:00 – Updated: 2024-08-05 12:47

Summary

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Severity

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Unchecked Error Condition

Assigner

kubernetes

References

20 references

URL	Tags
https://groups.google.com/forum/#%21topic/kuberne…	x_refsource_CONFIRM
https://www.exploit-db.com/exploits/46053/	exploitx_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2018:3549	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3752	vendor-advisoryx_refsource_REDHAT
https://www.exploit-db.com/exploits/46052/	exploitx_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2018:3624	vendor-advisoryx_refsource_REDHAT
https://www.coalfire.com/The-Coalfire-Blog/Decemb…	x_refsource_MISC
https://github.com/kubernetes/kubernetes/issues/71411	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3742	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3754	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3537	vendor-advisoryx_refsource_REDHAT
https://github.com/evict/poc_CVE-2018-1002105	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3598	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3551	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/106068	vdb-entryx_refsource_BID
https://security.netapp.com/advisory/ntap-2019041…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2019/06/28/2	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/3	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/4	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

1 product

Vendor	Product	Version
Kubernetes	Kubernetes	Affected: v1.0.x Affected: v1.1.x Affected: v1.2.x Affected: v1.3.x Affected: v1.4.x Affected: v1.5.x Affected: v1.6.x Affected: v1.7.x Affected: v1.8.x Affected: v1.9.x Affected: unspecified , < v1.10.11 (custom) Affected: unspecified , < v1.11.5 (custom) Affected: unspecified , < v1.12.3 (custom)

Date Public

2018-12-05 00:00

Credits

Reported by Darren Shepherd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:47:57.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
          },
          {
            "name": "46053",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46053/"
          },
          {
            "name": "RHSA-2018:3549",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3549"
          },
          {
            "name": "RHSA-2018:3752",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3752"
          },
          {
            "name": "46052",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46052/"
          },
          {
            "name": "RHSA-2018:3624",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3624"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/kubernetes/issues/71411"
          },
          {
            "name": "RHSA-2018:3742",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3742"
          },
          {
            "name": "RHSA-2018:3754",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3754"
          },
          {
            "name": "RHSA-2018:3537",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3537"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/evict/poc_CVE-2018-1002105"
          },
          {
            "name": "RHSA-2018:3598",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3598"
          },
          {
            "name": "RHSA-2018:3551",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3551"
          },
          {
            "name": "106068",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106068"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "name": "openSUSE-SU-2020:0554",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kubernetes",
          "vendor": "Kubernetes",
          "versions": [
            {
              "status": "affected",
              "version": "v1.0.x"
            },
            {
              "status": "affected",
              "version": "v1.1.x"
            },
            {
              "status": "affected",
              "version": "v1.2.x"
            },
            {
              "status": "affected",
              "version": "v1.3.x"
            },
            {
              "status": "affected",
              "version": "v1.4.x"
            },
            {
              "status": "affected",
              "version": "v1.5.x"
            },
            {
              "status": "affected",
              "version": "v1.6.x"
            },
            {
              "status": "affected",
              "version": "v1.7.x"
            },
            {
              "status": "affected",
              "version": "v1.8.x"
            },
            {
              "status": "affected",
              "version": "v1.9.x"
            },
            {
              "lessThan": "v1.10.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.11.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.12.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Darren Shepherd"
        }
      ],
      "dateAssigned": "2018-11-05T00:00:00.000Z",
      "datePublic": "2018-12-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unchecked Error Condition",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-26T20:06:09.000Z",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
        },
        {
          "name": "46053",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46053/"
        },
        {
          "name": "RHSA-2018:3549",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3549"
        },
        {
          "name": "RHSA-2018:3752",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3752"
        },
        {
          "name": "46052",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46052/"
        },
        {
          "name": "RHSA-2018:3624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3624"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/kubernetes/kubernetes/issues/71411"
        },
        {
          "name": "RHSA-2018:3742",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3742"
        },
        {
          "name": "RHSA-2018:3754",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3754"
        },
        {
          "name": "RHSA-2018:3537",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3537"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/evict/poc_CVE-2018-1002105"
        },
        {
          "name": "RHSA-2018:3598",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3598"
        },
        {
          "name": "RHSA-2018:3551",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3551"
        },
        {
          "name": "106068",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106068"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "name": "openSUSE-SU-2020:0554",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "DATE_ASSIGNED": "2018-11-05",
          "ID": "CVE-2018-1002105",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kubernetes",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "v1.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.1.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.2.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.3.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.4.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.5.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.6.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.7.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.8.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.9.x"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "v1.10.11"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "v1.11.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "v1.12.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kubernetes"
              }
            ]
          }
        },
        "credit": [
          "Reported by Darren Shepherd"
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unchecked Error Condition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
            },
            {
              "name": "46053",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46053/"
            },
            {
              "name": "RHSA-2018:3549",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3549"
            },
            {
              "name": "RHSA-2018:3752",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3752"
            },
            {
              "name": "46052",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46052/"
            },
            {
              "name": "RHSA-2018:3624",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3624"
            },
            {
              "name": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do",
              "refsource": "MISC",
              "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
            },
            {
              "name": "https://github.com/kubernetes/kubernetes/issues/71411",
              "refsource": "CONFIRM",
              "url": "https://github.com/kubernetes/kubernetes/issues/71411"
            },
            {
              "name": "RHSA-2018:3742",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3742"
            },
            {
              "name": "RHSA-2018:3754",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3754"
            },
            {
              "name": "RHSA-2018:3537",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3537"
            },
            {
              "name": "https://github.com/evict/poc_CVE-2018-1002105",
              "refsource": "MISC",
              "url": "https://github.com/evict/poc_CVE-2018-1002105"
            },
            {
              "name": "RHSA-2018:3598",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3598"
            },
            {
              "name": "RHSA-2018:3551",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3551"
            },
            {
              "name": "106068",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106068"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190416-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "openSUSE-SU-2020:0554",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2018-1002105",
    "datePublished": "2018-12-05T21:00:00.000Z",
    "dateReserved": "2018-12-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:47:57.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-1002105",
      "date": "2026-05-29",
      "epss": "0.90189",
      "percentile": "0.99606"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1002105\",\"sourceIdentifier\":\"jordan@liggitt.net\",\"published\":\"2018-12-05T21:29:00.403\",\"lastModified\":\"2024-11-21T03:40:38.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection.\"},{\"lang\":\"es\",\"value\":\"En todas las versiones de Kubernetes anteriores a la v1.10.11, v1.11.5 y la v1.12.3, el manejo incorrecto de las respuestas de error a las peticiones de actualizaci\u00f3n en el proxy en kube-apiserver permit\u00edan que las peticiones especialmente manipuladas estableciesen una conexi\u00f3n mediante el servidor de la API de Kubernetes a los servidores del backend y enviasen peticiones arbitrarias en la misma conexi\u00f3n directamente al backend, autenticadas con las credenciales TLS del servidor de la API de Kubernetes empleadas para establecer la conexi\u00f3n con el backend.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-388\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.9.11\",\"matchCriteriaId\":\"389826D3-C28B-4EA5-8398-307B06A09A65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.10.0\",\"versionEndIncluding\":\"1.10.10\",\"matchCriteriaId\":\"A71A5EC9-75B0-43DE-B77D-B560D350E99D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.11.0\",\"versionEndIncluding\":\"1.11.4\",\"matchCriteriaId\":\"96DEFC7F-6DBC-43C0-AF50-4B8B89A4634D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12.0\",\"versionEndIncluding\":\"1.12.2\",\"matchCriteriaId\":\"08512A98-DAED-4C31-8B23-A5DF260EA78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:1.9.12:beta0:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4C657CF-5878-465A-BEC7-2718AB267C77\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C10044B3-FBB1-4031-9060-D3A2915B164C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA3ADA26-2B9E-4ABA-A224-910BD75CCE00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E80045-56E4-4A83-8168-CFED5E55CE45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E792B5DC-CCD2-4A50-B72F-860A3BFAF165\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B75DC91F-0D25-42F9-8B7B-3ECCE6AB8174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E50A070E-96A9-45D7-B155-00243D17F7A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DBCD38F-BBE8-488C-A8C3-5782F191D915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D9A34F5-AC03-4098-A37D-AD50727DDB11\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html\",\"source\":\"jordan@liggitt.net\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/28/2\",\"source\":\"jordan@liggitt.net\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/06/3\",\"source\":\"jordan@liggitt.net\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/06/4\",\"source\":\"jordan@liggitt.net\"},{\"url\":\"http://www.securityfocus.com/bid/106068\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3537\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3549\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3551\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3598\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3624\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3742\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3752\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3754\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/evict/poc_CVE-2018-1002105\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/issues/71411\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88\",\"source\":\"jordan@liggitt.net\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190416-0001/\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46052/\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/46053/\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/06/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/06/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/106068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/evict/poc_CVE-2018-1002105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/issues/71411\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190416-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46052/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/46053/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

RHSA-2018:3537

Vulnerability from csaf_redhat - Published: 2018-11-20 03:11 - Updated: 2026-04-30 04:07

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.11 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105) * nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115) * kibana: Cross-site scripting via the source field formatter (CVE-2018-3830) Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes: https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2018-3830

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

8.0 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src		—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64		—	Vendor Fix fix

Known not affected 69 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src		—

Threats

Impact Moderate

CVE-2018-12115

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch		—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src		—	Vendor Fix fix Workaround

Known not affected 69 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src	—	Workaround

Threats

Impact Important

CVE-2018-1002105

A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Vendor Fix fix Workaround

Known not affected 58 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src	—	Workaround

Threats

Impact Critical

References

56 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3537	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://docs.openshift.com/container-platform/3.1…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1552304	external
https://bugzilla.redhat.com/show_bug.cgi?id=1613722	external
https://bugzilla.redhat.com/show_bug.cgi?id=1614904	external
https://bugzilla.redhat.com/show_bug.cgi?id=1615884	external
https://bugzilla.redhat.com/show_bug.cgi?id=1620219	external
https://bugzilla.redhat.com/show_bug.cgi?id=1622822	external
https://bugzilla.redhat.com/show_bug.cgi?id=1625090	external
https://bugzilla.redhat.com/show_bug.cgi?id=1626228	external
https://bugzilla.redhat.com/show_bug.cgi?id=1626538	external
https://bugzilla.redhat.com/show_bug.cgi?id=1627086	external
https://bugzilla.redhat.com/show_bug.cgi?id=1627689	external
https://bugzilla.redhat.com/show_bug.cgi?id=1628235	external
https://bugzilla.redhat.com/show_bug.cgi?id=1628381	external
https://bugzilla.redhat.com/show_bug.cgi?id=1628902	external
https://bugzilla.redhat.com/show_bug.cgi?id=1629558	external
https://bugzilla.redhat.com/show_bug.cgi?id=1632364	external
https://bugzilla.redhat.com/show_bug.cgi?id=1632450	external
https://bugzilla.redhat.com/show_bug.cgi?id=1632648	external
https://bugzilla.redhat.com/show_bug.cgi?id=1632895	external
https://bugzilla.redhat.com/show_bug.cgi?id=1633574	external
https://bugzilla.redhat.com/show_bug.cgi?id=1633923	external
https://bugzilla.redhat.com/show_bug.cgi?id=1634700	external
https://bugzilla.redhat.com/show_bug.cgi?id=1634835	external
https://bugzilla.redhat.com/show_bug.cgi?id=1635672	external
https://bugzilla.redhat.com/show_bug.cgi?id=1636248	external
https://bugzilla.redhat.com/show_bug.cgi?id=1637413	external
https://bugzilla.redhat.com/show_bug.cgi?id=1637737	external
https://bugzilla.redhat.com/show_bug.cgi?id=1641245	external
https://bugzilla.redhat.com/show_bug.cgi?id=1641321	external
https://bugzilla.redhat.com/show_bug.cgi?id=1641657	external
https://bugzilla.redhat.com/show_bug.cgi?id=1641796	external
https://bugzilla.redhat.com/show_bug.cgi?id=1642002	external
https://bugzilla.redhat.com/show_bug.cgi?id=1642350	external
https://bugzilla.redhat.com/show_bug.cgi?id=1643119	external
https://bugzilla.redhat.com/show_bug.cgi?id=1643301	external
https://bugzilla.redhat.com/show_bug.cgi?id=1643948	external
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-3830	self
https://bugzilla.redhat.com/show_bug.cgi?id=1632450	external
https://www.cve.org/CVERecord?id=CVE-2018-3830	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3830	external
https://access.redhat.com/security/cve/CVE-2018-12115	self
https://bugzilla.redhat.com/show_bug.cgi?id=1620219	external
https://www.cve.org/CVERecord?id=CVE-2018-12115	external
https://nvd.nist.gov/vuln/detail/CVE-2018-12115	external
https://access.redhat.com/security/cve/CVE-2018-1002105	self
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://www.cve.org/CVERecord?id=CVE-2018-1002105	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105	external
https://access.redhat.com/security/vulnerabilitie…	external
https://groups.google.com/forum/#!topic/kubernete…	external

Acknowledgments

the Kubernetes Product Security Team

Darren Shepherd

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\n* kibana: Cross-site scripting via the source field formatter (CVE-2018-3830)\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3537",
        "url": "https://access.redhat.com/errata/RHSA-2018:3537"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
        "url": "https://access.redhat.com/security/vulnerabilities/3716411"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1552304",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552304"
      },
      {
        "category": "external",
        "summary": "1613722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613722"
      },
      {
        "category": "external",
        "summary": "1614904",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614904"
      },
      {
        "category": "external",
        "summary": "1615884",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1615884"
      },
      {
        "category": "external",
        "summary": "1620219",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219"
      },
      {
        "category": "external",
        "summary": "1622822",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622822"
      },
      {
        "category": "external",
        "summary": "1625090",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625090"
      },
      {
        "category": "external",
        "summary": "1626228",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626228"
      },
      {
        "category": "external",
        "summary": "1626538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626538"
      },
      {
        "category": "external",
        "summary": "1627086",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627086"
      },
      {
        "category": "external",
        "summary": "1627689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627689"
      },
      {
        "category": "external",
        "summary": "1628235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628235"
      },
      {
        "category": "external",
        "summary": "1628381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628381"
      },
      {
        "category": "external",
        "summary": "1628902",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628902"
      },
      {
        "category": "external",
        "summary": "1629558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629558"
      },
      {
        "category": "external",
        "summary": "1632364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632364"
      },
      {
        "category": "external",
        "summary": "1632450",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632450"
      },
      {
        "category": "external",
        "summary": "1632648",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632648"
      },
      {
        "category": "external",
        "summary": "1632895",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632895"
      },
      {
        "category": "external",
        "summary": "1633574",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633574"
      },
      {
        "category": "external",
        "summary": "1633923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633923"
      },
      {
        "category": "external",
        "summary": "1634700",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634700"
      },
      {
        "category": "external",
        "summary": "1634835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634835"
      },
      {
        "category": "external",
        "summary": "1635672",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635672"
      },
      {
        "category": "external",
        "summary": "1636248",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636248"
      },
      {
        "category": "external",
        "summary": "1637413",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637413"
      },
      {
        "category": "external",
        "summary": "1637737",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637737"
      },
      {
        "category": "external",
        "summary": "1641245",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641245"
      },
      {
        "category": "external",
        "summary": "1641321",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641321"
      },
      {
        "category": "external",
        "summary": "1641657",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641657"
      },
      {
        "category": "external",
        "summary": "1641796",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641796"
      },
      {
        "category": "external",
        "summary": "1642002",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642002"
      },
      {
        "category": "external",
        "summary": "1642350",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642350"
      },
      {
        "category": "external",
        "summary": "1643119",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643119"
      },
      {
        "category": "external",
        "summary": "1643301",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643301"
      },
      {
        "category": "external",
        "summary": "1643948",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643948"
      },
      {
        "category": "external",
        "summary": "1648138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3537.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11 security update",
    "tracking": {
      "current_release_date": "2026-04-30T04:07:06+00:00",
      "generator": {
        "date": "2026-04-30T04:07:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2018:3537",
      "initial_release_date": "2018-11-20T03:11:20+00:00",
      "revision_history": [
        {
          "date": "2018-11-20T03:11:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-12-09T13:33:45+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T04:07:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.11",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.11",
                  "product_id": "7Server-RH7-RHOSE-3.11",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.11::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
                "product": {
                  "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
                  "product_id": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1539805268-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
                "product": {
                  "name": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
                  "product_id": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-external-storage@0.0.2-4.gitd3c94f0.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-elasticsearch-0:5.5.5-1.el7.src",
                "product": {
                  "name": "python-elasticsearch-0:5.5.5-1.el7.src",
                  "product_id": "python-elasticsearch-0:5.5.5-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-elasticsearch@5.5.5-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-nose-xcover-0:1.0.10-1.el7.src",
                "product": {
                  "name": "python-nose-xcover-0:1.0.10-1.el7.src",
                  "product_id": "python-nose-xcover-0:1.0.10-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-nose-xcover@1.0.10-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
                "product": {
                  "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
                  "product_id": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.43-1.git.1671.04b17f5.el7?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
                  "product_id": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
                "product": {
                  "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
                  "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.43-1.git.0.55c4e4b.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
                  "product_id": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.43-1.git.300.a720f7f.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
                  "product_id": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.43-1.git.446.b80f8a1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
                "product": {
                  "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
                  "product_id": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.43-1.git.52.6cc0a21.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.43-1.git.252.f45475c.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
                "product": {
                  "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
                  "product_id": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.43-1.git.14.bbbb450.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
                  "product_id": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.43-1.git.316.7753377.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
                "product": {
                  "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
                  "product_id": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.11.8-2.rhaos3.11.git71cc465.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
                "product": {
                  "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
                  "product_id": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.43-1.git.419.03122b3.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
                "product": {
                  "name": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
                  "product_id": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.43-1.git.0.19c2765.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
                "product": {
                  "name": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
                  "product_id": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.43-1.git.1060.0aff287.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
                "product": {
                  "name": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
                  "product_id": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.43-1.git.5021.31a8f1d.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kibana-0:5.6.12-1.el7.src",
                "product": {
                  "name": "kibana-0:5.6.12-1.el7.src",
                  "product_id": "kibana-0:5.6.12-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kibana@5.6.12-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
                  "product_id": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.11.43-1.git.0.fa69a02.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
                "product": {
                  "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
                  "product_id": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.43-1.git.219.be400cf.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
                "product": {
                  "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
                  "product_id": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.43-1.git.380.9cbcbb2.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
                "product": {
                  "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
                  "product_id": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.11.43-1.git.59.662daae.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
                "product": {
                  "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
                  "product_id": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-sample-app@3.11.43-1.git.5.83ab17f.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
                "product": {
                  "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
                  "product_id": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1539805268-1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-elasticsearch-0:5.5.5-1.el7.noarch",
                "product": {
                  "name": "python-elasticsearch-0:5.5.5-1.el7.noarch",
                  "product_id": "python-elasticsearch-0:5.5.5-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-elasticsearch@5.5.5-1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-nose-xcover-0:1.0.10-1.el7.noarch",
                "product": {
                  "name": "python-nose-xcover-0:1.0.10-1.el7.noarch",
                  "product_id": "python-nose-xcover-0:1.0.10-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-nose-xcover@1.0.10-1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.43-1.git.0.647ac05.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.43-1.git.0.647ac05.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.11.43-1.git.0.fa69a02.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                  "product_id": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.11.43-1.git.0.fa69a02.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.11.43-1.git.0.fa69a02.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.11.43-1.git.0.fa69a02.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                "product": {
                  "name": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_id": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-external-storage-local-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                "product": {
                  "name": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_id": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-external-storage-manila-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                "product": {
                  "name": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_id": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-external-storage-snapshot-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                "product": {
                  "name": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_id": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-external-storage-efs-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                "product": {
                  "name": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_id": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-external-storage-snapshot-controller@0.0.2-4.gitd3c94f0.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                "product": {
                  "name": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_id": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-external-storage-debuginfo@0.0.2-4.gitd3c94f0.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                "product": {
                  "name": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_id": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-external-storage-cephfs-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
                "product": {
                  "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
                  "product_id": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.43-1.git.1671.04b17f5.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
                "product": {
                  "name": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
                  "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.43-1.git.1671.04b17f5.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.43-1.git.0.647ac05.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
                  "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.43-1.git.0.55c4e4b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
                  "product_id": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.43-1.git.300.a720f7f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.43-1.git.446.b80f8a1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
                  "product_id": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.43-1.git.52.6cc0a21.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.43-1.git.252.f45475c.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
                  "product_id": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.43-1.git.14.bbbb450.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
                  "product_id": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.43-1.git.316.7753377.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
                "product": {
                  "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
                  "product_id": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.11.8-2.rhaos3.11.git71cc465.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
                "product": {
                  "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
                  "product_id": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.43-1.git.419.03122b3.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
                "product": {
                  "name": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
                  "product_id": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.43-1.git.0.19c2765.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
                "product": {
                  "name": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
                  "product_id": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.43-1.git.1060.0aff287.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
                "product": {
                  "name": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
                  "product_id": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus@3.11.43-1.git.5021.31a8f1d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kibana-debuginfo-0:5.6.12-1.el7.x86_64",
                "product": {
                  "name": "kibana-debuginfo-0:5.6.12-1.el7.x86_64",
                  "product_id": "kibana-debuginfo-0:5.6.12-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kibana-debuginfo@5.6.12-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kibana-0:5.6.12-1.el7.x86_64",
                "product": {
                  "name": "kibana-0:5.6.12-1.el7.x86_64",
                  "product_id": "kibana-0:5.6.12-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kibana@5.6.12-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
                "product": {
                  "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
                  "product_id": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.43-1.git.219.be400cf.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
                "product": {
                  "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
                  "product_id": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.43-1.git.380.9cbcbb2.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
                "product": {
                  "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
                  "product_id": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.11.43-1.git.59.662daae.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
                "product": {
                  "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
                  "product_id": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-sample-app@3.11.43-1.git.5.83ab17f.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src"
        },
        "product_reference": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64"
        },
        "product_reference": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64"
        },
        "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src"
        },
        "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src"
        },
        "product_reference": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64"
        },
        "product_reference": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src"
        },
        "product_reference": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64"
        },
        "product_reference": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src"
        },
        "product_reference": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64"
        },
        "product_reference": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src"
        },
        "product_reference": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64"
        },
        "product_reference": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src"
        },
        "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64"
        },
        "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src"
        },
        "product_reference": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src"
        },
        "product_reference": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src"
        },
        "product_reference": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch"
        },
        "product_reference": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src"
        },
        "product_reference": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kibana-0:5.6.12-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src"
        },
        "product_reference": "kibana-0:5.6.12-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kibana-0:5.6.12-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64"
        },
        "product_reference": "kibana-0:5.6.12-1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kibana-debuginfo-0:5.6.12-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64"
        },
        "product_reference": "kibana-debuginfo-0:5.6.12-1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src"
        },
        "product_reference": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64"
        },
        "product_reference": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src"
        },
        "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64"
        },
        "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src"
        },
        "product_reference": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64"
        },
        "product_reference": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64"
        },
        "product_reference": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64"
        },
        "product_reference": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64"
        },
        "product_reference": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64"
        },
        "product_reference": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64"
        },
        "product_reference": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64"
        },
        "product_reference": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src"
        },
        "product_reference": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64"
        },
        "product_reference": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src"
        },
        "product_reference": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64"
        },
        "product_reference": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64"
        },
        "product_reference": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64"
        },
        "product_reference": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64"
        },
        "product_reference": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-elasticsearch-0:5.5.5-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch"
        },
        "product_reference": "python-elasticsearch-0:5.5.5-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-elasticsearch-0:5.5.5-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src"
        },
        "product_reference": "python-elasticsearch-0:5.5.5-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-nose-xcover-0:1.0.10-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch"
        },
        "product_reference": "python-nose-xcover-0:1.0.10-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-nose-xcover-0:1.0.10-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
        },
        "product_reference": "python-nose-xcover-0:1.0.10-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-3830",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2018-09-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1632450"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kibana: Cross-site scripting via the source field formatter",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
          "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
          "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
          "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
          "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3830"
        },
        {
          "category": "external",
          "summary": "RHBZ#1632450",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632450"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3830",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3830"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3830",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3830"
        }
      ],
      "release_date": "2018-09-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-11-20T03:11:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3537"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kibana: Cross-site scripting via the source field formatter"
    },
    {
      "cve": "CVE-2018-12115",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2018-08-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1620219"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
          "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
          "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
          "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
          "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-12115"
        },
        {
          "category": "external",
          "summary": "RHBZ#1620219",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-12115"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115"
        }
      ],
      "release_date": "2018-08-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-11-20T03:11:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3537"
        },
        {
          "category": "workaround",
          "details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Kubernetes Product Security Team"
          ]
        },
        {
          "names": [
            "Darren Shepherd"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2018-1002105",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2018-11-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1648138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
          "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
          "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
          "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
          "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1648138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
          "url": "https://access.redhat.com/security/vulnerabilities/3716411"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
          "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
        }
      ],
      "release_date": "2018-12-03T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-11-20T03:11:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3537"
        },
        {
          "category": "workaround",
          "details": "See the vulnerability article for mitigation procedures.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src",
            "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src",
            "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses"
    }
  ]
}

RHSA-2018:3549

Vulnerability from csaf_redhat - Published: 2018-11-20 03:15 - Updated: 2026-04-30 04:07

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.10 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2018-1002105

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Fixed 58 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Critical

References

12 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3549	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://docs.openshift.com/container-platform/3.1…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-1002105	self
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://www.cve.org/CVERecord?id=CVE-2018-1002105	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105	external
https://access.redhat.com/security/vulnerabilitie…	external
https://groups.google.com/forum/#!topic/kubernete…	external

Acknowledgments

the Kubernetes Product Security Team

Darren Shepherd

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3549",
        "url": "https://access.redhat.com/errata/RHSA-2018:3549"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
        "url": "https://access.redhat.com/security/vulnerabilities/3716411"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1648138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3549.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.10 security update",
    "tracking": {
      "current_release_date": "2026-04-30T04:07:07+00:00",
      "generator": {
        "date": "2026-04-30T04:07:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2018:3549",
      "initial_release_date": "2018-11-20T03:15:13+00:00",
      "revision_history": [
        {
          "date": "2018-11-20T03:15:13+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-12-03T17:31:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T04:07:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.10",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.10",
                  "product_id": "7Server-RH7-RHOSE-3.10",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.10::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
                "product": {
                  "name": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
                  "product_id": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.10.72-1.git.1450.7d3f435.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
                "product": {
                  "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
                  "product_id": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.10.72-1.git.1450.7d3f435.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_id": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.72-1.git.0.3cb2fdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64",
                  "product_id": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.10.72-1.git.299.953c1c8.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.72-1.git.390.186ec4f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.72-1.git.252.fa9e8ae.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64",
                  "product_id": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.10.72-1.git.395.d23c438.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64",
                "product": {
                  "name": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64",
                  "product_id": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.10.72-1.git.1060.64daa26.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64",
                "product": {
                  "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64",
                  "product_id": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.72-1.git.380.0fd53e8.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64",
                "product": {
                  "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64",
                  "product_id": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.10.72-1.git.59.5358725.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64",
                "product": {
                  "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64",
                  "product_id": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-sample-app@3.10.72-1.git.5.de405bc.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
                "product": {
                  "name": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
                  "product_id": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.10.72-1.git.1450.7d3f435.el7?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
                "product": {
                  "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
                  "product_id": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.10.72-1.git.1450.7d3f435.el7?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_id": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.72-1.git.0.3cb2fdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le",
                  "product_id": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.10.72-1.git.299.953c1c8.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le",
                  "product_id": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.72-1.git.390.186ec4f.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.72-1.git.252.fa9e8ae.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le",
                  "product_id": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.10.72-1.git.395.d23c438.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le",
                "product": {
                  "name": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le",
                  "product_id": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.10.72-1.git.1060.64daa26.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le",
                "product": {
                  "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le",
                  "product_id": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.72-1.git.380.0fd53e8.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le",
                "product": {
                  "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le",
                  "product_id": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.10.72-1.git.59.5358725.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le",
                "product": {
                  "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le",
                  "product_id": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-sample-app@3.10.72-1.git.5.de405bc.el7?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src",
                "product": {
                  "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src",
                  "product_id": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.10.72-1.git.1450.7d3f435.el7?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src",
                  "product_id": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.10.72-1.git.0.3cb2fdc.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src",
                  "product_id": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.10.72-1.git.299.953c1c8.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src",
                  "product_id": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.72-1.git.390.186ec4f.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.72-1.git.252.fa9e8ae.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src",
                  "product_id": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.10.72-1.git.395.d23c438.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src",
                "product": {
                  "name": "golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src",
                  "product_id": "golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.72-1.git.1060.64daa26.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src",
                  "product_id": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.10.73-1.git.0.8b65cea.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src",
                "product": {
                  "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src",
                  "product_id": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.72-1.git.380.0fd53e8.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src",
                "product": {
                  "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src",
                  "product_id": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.10.72-1.git.59.5358725.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src",
                "product": {
                  "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src",
                  "product_id": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-monitor-sample-app@3.10.72-1.git.5.de405bc.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.10.72-1.git.0.3cb2fdc.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.10.72-1.git.0.3cb2fdc.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.10.73-1.git.0.8b65cea.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                  "product_id": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.10.73-1.git.0.8b65cea.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.10.73-1.git.0.8b65cea.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.10.73-1.git.0.8b65cea.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le"
        },
        "product_reference": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src"
        },
        "product_reference": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64"
        },
        "product_reference": "atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le"
        },
        "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64"
        },
        "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src"
        },
        "product_reference": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64"
        },
        "product_reference": "atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src"
        },
        "product_reference": "golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le"
        },
        "product_reference": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src"
        },
        "product_reference": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64"
        },
        "product_reference": "openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le"
        },
        "product_reference": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src"
        },
        "product_reference": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64"
        },
        "product_reference": "openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le"
        },
        "product_reference": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src"
        },
        "product_reference": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64"
        },
        "product_reference": "openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le"
        },
        "product_reference": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10",
          "product_id": "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64"
        },
        "product_reference": "prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.10"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Kubernetes Product Security Team"
          ]
        },
        {
          "names": [
            "Darren Shepherd"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2018-1002105",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2018-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1648138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src",
          "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src",
          "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src",
          "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch",
          "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src",
          "7Server-RH7-RHOSE-3.10:openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch",
          "7Server-RH7-RHOSE-3.10:openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch",
          "7Server-RH7-RHOSE-3.10:openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch",
          "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src",
          "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src",
          "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src",
          "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64",
          "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le",
          "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1648138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
          "url": "https://access.redhat.com/security/vulnerabilities/3716411"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
          "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
        }
      ],
      "release_date": "2018-12-03T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-11-20T03:15:13+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3549"
        },
        {
          "category": "workaround",
          "details": "See the vulnerability article for mitigation procedures.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7.noarch",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.src",
            "7Server-RH7-RHOSE-3.10:atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7.noarch",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.src",
            "7Server-RH7-RHOSE-3.10:openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7.x86_64",
            "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.ppc64le",
            "7Server-RH7-RHOSE-3.10:prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses"
    }
  ]
}

RHSA-2018:3551

Vulnerability from csaf_redhat - Published: 2018-11-19 12:31 - Updated: 2026-04-30 04:07

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.8 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform 3.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105) This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.8.44. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2018:3550 All OpenShift Container Platform 3.8 users are advised to upgrade to these updated packages.

CVE-2018-1002105

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Fixed 16 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64	—	Vendor Fix fix Workaround

Known not affected 15 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.noarch	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.src	—	Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.8:python-paramiko-doc-0:2.1.1-4.el7.noarch	—	Workaround

Threats

Impact Critical

References

12 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3551	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://access.redhat.com/errata/RHBA-2018:3550	external
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-1002105	self
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://www.cve.org/CVERecord?id=CVE-2018-1002105	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105	external
https://access.redhat.com/security/vulnerabilitie…	external
https://groups.google.com/forum/#!topic/kubernete…	external

Acknowledgments

the Kubernetes Product Security Team

Darren Shepherd

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform 3.8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.8.44. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:3550\n\nAll OpenShift Container Platform 3.8 users are advised to upgrade to these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3551",
        "url": "https://access.redhat.com/errata/RHSA-2018:3551"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
        "url": "https://access.redhat.com/security/vulnerabilities/3716411"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/errata/RHBA-2018:3550",
        "url": "https://access.redhat.com/errata/RHBA-2018:3550"
      },
      {
        "category": "external",
        "summary": "1648138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3551.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.8 security update",
    "tracking": {
      "current_release_date": "2026-04-30T04:07:08+00:00",
      "generator": {
        "date": "2026-04-30T04:07:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2018:3551",
      "initial_release_date": "2018-11-19T12:31:36+00:00",
      "revision_history": [
        {
          "date": "2018-11-19T12:31:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-12-03T18:00:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T04:07:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.8",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.8",
                  "product_id": "7Server-RH7-RHOSE-3.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.8::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.8.44-1.git.0.9be0abd.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.8.44-1.git.0.9be0abd.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.8.44-1.git.0.2bfde74.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.8.44-1.git.0.2bfde74.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.8.44-1.git.0.2bfde74.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_id": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.8.44-1.git.0.2bfde74.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.8.44-1.git.0.2bfde74.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-paramiko-doc-0:2.1.1-4.el7.noarch",
                "product": {
                  "name": "python-paramiko-doc-0:2.1.1-4.el7.noarch",
                  "product_id": "python-paramiko-doc-0:2.1.1-4.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-paramiko-doc@2.1.1-4.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-paramiko-0:2.1.1-4.el7.noarch",
                "product": {
                  "name": "python-paramiko-0:2.1.1-4.el7.noarch",
                  "product_id": "python-paramiko-0:2.1.1-4.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-paramiko@2.1.1-4.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.8.44-1.git.0.9be0abd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64",
                  "product_id": "atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@0.3.0-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.8.44-1.git.224.90f9341.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.7.0-0.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src",
                  "product_id": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.8.44-1.git.0.9be0abd.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:0.3.0-1.el7.src",
                "product": {
                  "name": "atomic-openshift-descheduler-0:0.3.0-1.el7.src",
                  "product_id": "atomic-openshift-descheduler-0:0.3.0-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@0.3.0-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src",
                  "product_id": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.8.44-1.git.224.90f9341.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.7.0-0.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src",
                  "product_id": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.8.44-1.git.0.2bfde74.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-paramiko-0:2.1.1-4.el7.src",
                "product": {
                  "name": "python-paramiko-0:2.1.1-4.el7.src",
                  "product_id": "python-paramiko-0:2.1.1-4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-paramiko@2.1.1-4.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:0.3.0-1.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.src"
        },
        "product_reference": "atomic-openshift-descheduler-0:0.3.0-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64"
        },
        "product_reference": "atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-paramiko-0:2.1.1-4.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.noarch"
        },
        "product_reference": "python-paramiko-0:2.1.1-4.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-paramiko-0:2.1.1-4.el7.src as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.src"
        },
        "product_reference": "python-paramiko-0:2.1.1-4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-paramiko-doc-0:2.1.1-4.el7.noarch as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:python-paramiko-doc-0:2.1.1-4.el7.noarch"
        },
        "product_reference": "python-paramiko-doc-0:2.1.1-4.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.8",
          "product_id": "7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        },
        "product_reference": "tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Kubernetes Product Security Team"
          ]
        },
        {
          "names": [
            "Darren Shepherd"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2018-1002105",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2018-11-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.noarch",
            "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.src",
            "7Server-RH7-RHOSE-3.8:python-paramiko-doc-0:2.1.1-4.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1648138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.src",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64",
          "7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch",
          "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch",
          "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src",
          "7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch",
          "7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch",
          "7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch",
          "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.noarch",
          "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.src",
          "7Server-RH7-RHOSE-3.8:python-paramiko-doc-0:2.1.1-4.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1648138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
          "url": "https://access.redhat.com/security/vulnerabilities/3716411"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
          "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
        }
      ],
      "release_date": "2018-12-03T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-11-19T12:31:36+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3551"
        },
        {
          "category": "workaround",
          "details": "See the vulnerability article for mitigation procedures.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.noarch",
            "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.src",
            "7Server-RH7-RHOSE-3.8:python-paramiko-doc-0:2.1.1-4.el7.noarch",
            "7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-descheduler-0:0.3.0-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7.noarch",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.src",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-node-problem-detector-0:3.7.0-0.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7.x86_64",
            "7Server-RH7-RHOSE-3.8:atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7.src",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7.noarch",
            "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.noarch",
            "7Server-RH7-RHOSE-3.8:python-paramiko-0:2.1.1-4.el7.src",
            "7Server-RH7-RHOSE-3.8:python-paramiko-doc-0:2.1.1-4.el7.noarch",
            "7Server-RH7-RHOSE-3.8:tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses"
    }
  ]
}

RHSA-2018:3598

Vulnerability from csaf_redhat - Published: 2018-12-03 17:32 - Updated: 2026-04-30 04:07

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.6 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform release 3.6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Security Fix(es): * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)

CVE-2018-1002105

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Fixed 25 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Critical

References

13 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3598	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://docs.openshift.com/container-platform/3.6…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://bugzilla.redhat.com/show_bug.cgi?id=1650020	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-1002105	self
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://www.cve.org/CVERecord?id=CVE-2018-1002105	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105	external
https://access.redhat.com/security/vulnerabilitie…	external
https://groups.google.com/forum/#!topic/kubernete…	external

Acknowledgments

the Kubernetes Product Security Team

Darren Shepherd

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform release 3.6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Enterprise by Red Hat is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3598",
        "url": "https://access.redhat.com/errata/RHSA-2018:3598"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
        "url": "https://access.redhat.com/security/vulnerabilities/3716411"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.6/release_notes/ocp_3_6_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.6/release_notes/ocp_3_6_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1648138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
      },
      {
        "category": "external",
        "summary": "1650020",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1650020"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3598.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.6 security update",
    "tracking": {
      "current_release_date": "2026-04-30T04:07:08+00:00",
      "generator": {
        "date": "2026-04-30T04:07:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2018:3598",
      "initial_release_date": "2018-12-03T17:32:35+00:00",
      "revision_history": [
        {
          "date": "2018-12-03T17:32:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-12-03T17:32:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T04:07:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.6",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.6",
                  "product_id": "7Server-RH7-RHOSE-3.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.6::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src",
                  "product_id": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src",
                  "product_id": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.6.173.0.140-1.git.0.9686d52.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_id": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                "product": {
                  "name": "openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_id": "openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                "product": {
                  "name": "openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_id": "openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-callback-plugins@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                "product": {
                  "name": "openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_id": "openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.6.173.0.140-1.git.0.0ccb19b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.6.173.0.140-1.git.0.9686d52.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.6.173.0.140-1.git.0.9686d52.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.6.173.0.140-1.git.0.9686d52.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch"
        },
        "product_reference": "openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch"
        },
        "product_reference": "openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch"
        },
        "product_reference": "openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.6",
          "product_id": "7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        },
        "product_reference": "tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Kubernetes Product Security Team"
          ]
        },
        {
          "names": [
            "Darren Shepherd"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2018-1002105",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2018-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1648138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
          "7Server-RH7-RHOSE-3.6:atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
          "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
          "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src",
          "7Server-RH7-RHOSE-3.6:openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
          "7Server-RH7-RHOSE-3.6:openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
          "7Server-RH7-RHOSE-3.6:openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
          "7Server-RH7-RHOSE-3.6:openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
          "7Server-RH7-RHOSE-3.6:openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
          "7Server-RH7-RHOSE-3.6:openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
          "7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1648138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
          "url": "https://access.redhat.com/security/vulnerabilities/3716411"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
          "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
        }
      ],
      "release_date": "2018-12-03T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-03T17:32:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3598"
        },
        {
          "category": "workaround",
          "details": "See the vulnerability article for mitigation procedures.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.src",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7.noarch",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64",
            "7Server-RH7-RHOSE-3.6:atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7.src",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7.noarch",
            "7Server-RH7-RHOSE-3.6:tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses"
    }
  ]
}

RHSA-2018:3624

Vulnerability from csaf_redhat - Published: 2018-12-03 17:34 - Updated: 2026-04-30 04:07

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.5 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform release 3.5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105) Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes: https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html All OpenShift Container Platform 3.5 users are advised to upgrade to these updated packages and images.

CVE-2018-1002105

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Fixed 25 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:cockpit-0:160-3.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:cockpit-debuginfo-0:160-3.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:cockpit-kubernetes-0:160-3.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Critical

References

14 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3624	self
https://access.redhat.com/security/updates/classi…	external
https://docs.openshift.com/container-platform/3.5…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1563329	external
https://bugzilla.redhat.com/show_bug.cgi?id=1568292	external
https://bugzilla.redhat.com/show_bug.cgi?id=1573956	external
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-1002105	self
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://www.cve.org/CVERecord?id=CVE-2018-1002105	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105	external
https://access.redhat.com/security/vulnerabilitie…	external
https://groups.google.com/forum/#!topic/kubernete…	external

Acknowledgments

the Kubernetes Product Security Team

Darren Shepherd

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform release 3.5.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html\n\nAll OpenShift Container Platform 3.5 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3624",
        "url": "https://access.redhat.com/errata/RHSA-2018:3624"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1563329",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563329"
      },
      {
        "category": "external",
        "summary": "1568292",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568292"
      },
      {
        "category": "external",
        "summary": "1573956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573956"
      },
      {
        "category": "external",
        "summary": "1648138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3624.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.5 security update",
    "tracking": {
      "current_release_date": "2026-04-30T04:07:09+00:00",
      "generator": {
        "date": "2026-04-30T04:07:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2018:3624",
      "initial_release_date": "2018-12-03T17:34:40+00:00",
      "revision_history": [
        {
          "date": "2018-12-03T17:34:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-12-03T17:34:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T04:07:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.5",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.5",
                  "product_id": "7Server-RH7-RHOSE-3.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.5::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                "product": {
                  "name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_id": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.5.5.31.80-1.git.0.c4a0780.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-kubernetes-0:160-3.el7.x86_64",
                "product": {
                  "name": "cockpit-kubernetes-0:160-3.el7.x86_64",
                  "product_id": "cockpit-kubernetes-0:160-3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-kubernetes@160-3.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-debuginfo-0:160-3.el7.x86_64",
                "product": {
                  "name": "cockpit-debuginfo-0:160-3.el7.x86_64",
                  "product_id": "cockpit-debuginfo-0:160-3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-debuginfo@160-3.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.5.5.31.80-1.git.0.c4a0780.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.5.5.31.80-1.git.0.c4a0780.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.5.175-1.git.0.1274ebe.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.5.175-1.git.0.1274ebe.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                "product": {
                  "name": "openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_id": "openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-callback-plugins@3.5.175-1.git.0.1274ebe.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                "product": {
                  "name": "openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_id": "openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.5.175-1.git.0.1274ebe.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_id": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.5.175-1.git.0.1274ebe.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                "product": {
                  "name": "openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_id": "openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.5.175-1.git.0.1274ebe.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.5.175-1.git.0.1274ebe.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.5.175-1.git.0.1274ebe.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src",
                  "product_id": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.5.5.31.80-1.git.0.c4a0780.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-0:160-3.el7.src",
                "product": {
                  "name": "cockpit-0:160-3.el7.src",
                  "product_id": "cockpit-0:160-3.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit@160-3.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src",
                  "product_id": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.5.175-1.git.0.1274ebe.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-0:160-3.el7.src as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:cockpit-0:160-3.el7.src"
        },
        "product_reference": "cockpit-0:160-3.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-debuginfo-0:160-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:cockpit-debuginfo-0:160-3.el7.x86_64"
        },
        "product_reference": "cockpit-debuginfo-0:160-3.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-kubernetes-0:160-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:cockpit-kubernetes-0:160-3.el7.x86_64"
        },
        "product_reference": "cockpit-kubernetes-0:160-3.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch"
        },
        "product_reference": "openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch"
        },
        "product_reference": "openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch"
        },
        "product_reference": "openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.5",
          "product_id": "7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        },
        "product_reference": "tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Kubernetes Product Security Team"
          ]
        },
        {
          "names": [
            "Darren Shepherd"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2018-1002105",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2018-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1648138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch",
          "7Server-RH7-RHOSE-3.5:cockpit-0:160-3.el7.src",
          "7Server-RH7-RHOSE-3.5:cockpit-debuginfo-0:160-3.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:cockpit-kubernetes-0:160-3.el7.x86_64",
          "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch",
          "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src",
          "7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
          "7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch",
          "7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
          "7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
          "7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch",
          "7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch",
          "7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1648138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
          "url": "https://access.redhat.com/security/vulnerabilities/3716411"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
          "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
        }
      ],
      "release_date": "2018-12-03T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-03T17:34:40+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:cockpit-0:160-3.el7.src",
            "7Server-RH7-RHOSE-3.5:cockpit-debuginfo-0:160-3.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:cockpit-kubernetes-0:160-3.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3624"
        },
        {
          "category": "workaround",
          "details": "See the vulnerability article for mitigation procedures.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:cockpit-0:160-3.el7.src",
            "7Server-RH7-RHOSE-3.5:cockpit-debuginfo-0:160-3.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:cockpit-kubernetes-0:160-3.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.src",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7.noarch",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:cockpit-0:160-3.el7.src",
            "7Server-RH7-RHOSE-3.5:cockpit-debuginfo-0:160-3.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:cockpit-kubernetes-0:160-3.el7.x86_64",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7.src",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7.noarch",
            "7Server-RH7-RHOSE-3.5:tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses"
    }
  ]
}

RHSA-2018:3742

Vulnerability from csaf_redhat - Published: 2018-12-03 17:26 - Updated: 2026-04-30 04:07

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.2 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform 3.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105) This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.2.z. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2018:3741 All OpenShift Container Platform 3.2 users are advised to upgrade to these updated packages and images.

CVE-2018-1002105

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Critical

References

13 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3742	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://access.redhat.com/errata/RHBA-2018:0114	external
https://docs.openshift.com/container-platform/3.2…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-1002105	self
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://www.cve.org/CVERecord?id=CVE-2018-1002105	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105	external
https://access.redhat.com/security/vulnerabilitie…	external
https://groups.google.com/forum/#!topic/kubernete…	external

Acknowledgments

the Kubernetes Product Security Team

Darren Shepherd

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform 3.2.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.2.z. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:3741\n\nAll OpenShift Container Platform 3.2 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3742",
        "url": "https://access.redhat.com/errata/RHSA-2018:3742"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
        "url": "https://access.redhat.com/security/vulnerabilities/3716411"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/errata/RHBA-2018:0114",
        "url": "https://access.redhat.com/errata/RHBA-2018:0114"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.2/release_notes/ocp_3_2_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.2/release_notes/ocp_3_2_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1648138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3742.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.2 security update",
    "tracking": {
      "current_release_date": "2026-04-30T04:07:09+00:00",
      "generator": {
        "date": "2026-04-30T04:07:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2018:3742",
      "initial_release_date": "2018-12-03T17:26:57+00:00",
      "revision_history": [
        {
          "date": "2018-12-03T17:26:57+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-12-04T03:21:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T04:07:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.2",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.2",
                  "product_id": "7Server-RH7-RHOSE-3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.2::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-recycle@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.2.1.34-2.git.20.6367d5d.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.2.1.34-2.git.20.6367d5d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.2.1.34-2.git.20.6367d5d.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src",
                  "product_id": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.20.6367d5d.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        },
        "product_reference": "tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Kubernetes Product Security Team"
          ]
        },
        {
          "names": [
            "Darren Shepherd"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2018-1002105",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2018-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1648138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1648138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
          "url": "https://access.redhat.com/security/vulnerabilities/3716411"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
          "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
        }
      ],
      "release_date": "2018-12-03T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-03T17:26:57+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3742"
        },
        {
          "category": "workaround",
          "details": "See the vulnerability article for mitigation procedures.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.src",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7.noarch",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses"
    }
  ]
}

RHSA-2018:3752

Vulnerability from csaf_redhat - Published: 2018-12-03 17:31 - Updated: 2026-04-30 04:07

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.4 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform release 3.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105) This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.4. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2018:3751 All OpenShift Container Platform 3.4 users are advised to upgrade to these updated packages and images.

CVE-2018-1002105

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Fixed 22 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Critical

References

12 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3752	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/errata/RHBA-2018:0114	external
https://docs.openshift.com/container-platform/3.4…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-1002105	self
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://www.cve.org/CVERecord?id=CVE-2018-1002105	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105	external
https://access.redhat.com/security/vulnerabilitie…	external
https://groups.google.com/forum/#!topic/kubernete…	external

Acknowledgments

the Kubernetes Product Security Team

Darren Shepherd

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform release 3.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.4. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:3751\n\nAll OpenShift Container Platform 3.4 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3752",
        "url": "https://access.redhat.com/errata/RHSA-2018:3752"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/errata/RHBA-2018:0114",
        "url": "https://access.redhat.com/errata/RHBA-2018:0114"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1648138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3752.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.4 security update",
    "tracking": {
      "current_release_date": "2026-04-30T04:07:09+00:00",
      "generator": {
        "date": "2026-04-30T04:07:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2018:3752",
      "initial_release_date": "2018-12-03T17:31:11+00:00",
      "revision_history": [
        {
          "date": "2018-12-03T17:31:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-12-04T03:20:59+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T04:07:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.4",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.4",
                  "product_id": "7Server-RH7-RHOSE-3.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.4::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                "product": {
                  "name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_id": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.4.1.44.57-1.git.0.a631031.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.4.1.44.57-1.git.0.a631031.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.4.1.44.57-1.git.0.a631031.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.4.172-1.git.0.33fe526.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                "product": {
                  "name": "openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_id": "openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-callback-plugins@3.4.172-1.git.0.33fe526.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                "product": {
                  "name": "openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_id": "openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.4.172-1.git.0.33fe526.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.4.172-1.git.0.33fe526.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.4.172-1.git.0.33fe526.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.4.172-1.git.0.33fe526.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_id": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.4.172-1.git.0.33fe526.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                "product": {
                  "name": "openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_id": "openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.4.172-1.git.0.33fe526.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src",
                  "product_id": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.4.1.44.57-1.git.0.a631031.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src",
                  "product_id": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.4.172-1.git.0.33fe526.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch"
        },
        "product_reference": "openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch"
        },
        "product_reference": "openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch"
        },
        "product_reference": "openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.4",
          "product_id": "7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        },
        "product_reference": "tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Kubernetes Product Security Team"
          ]
        },
        {
          "names": [
            "Darren Shepherd"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2018-1002105",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2018-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1648138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
          "7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch",
          "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch",
          "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src",
          "7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
          "7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch",
          "7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
          "7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
          "7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch",
          "7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch",
          "7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1648138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
          "url": "https://access.redhat.com/security/vulnerabilities/3716411"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
          "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
        }
      ],
      "release_date": "2018-12-03T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-03T17:31:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3752"
        },
        {
          "category": "workaround",
          "details": "See the vulnerability article for mitigation procedures.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.src",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7.noarch",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64",
            "7Server-RH7-RHOSE-3.4:atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-0:3.4.172-1.git.0.33fe526.el7.src",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7.noarch",
            "7Server-RH7-RHOSE-3.4:tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses"
    }
  ]
}

RHSA-2018:3754

Vulnerability from csaf_redhat - Published: 2018-12-03 17:29 - Updated: 2026-04-30 04:07

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.3 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform release 3.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105) This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.3. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2018:3753 https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html All OpenShift Container Platform 3.3 users are advised to upgrade to these updated packages and images.

CVE-2018-1002105

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Fixed 22 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Critical

References

12 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3754	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/errata/RHBA-2018:0114	external
https://docs.openshift.com/container-platform/3.3…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-1002105	self
https://bugzilla.redhat.com/show_bug.cgi?id=1648138	external
https://www.cve.org/CVERecord?id=CVE-2018-1002105	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105	external
https://access.redhat.com/security/vulnerabilitie…	external
https://groups.google.com/forum/#!topic/kubernete…	external

Acknowledgments

the Kubernetes Product Security Team

Darren Shepherd

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform release 3.3.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.3. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:3753\n\nhttps://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html\n\nAll OpenShift Container Platform 3.3 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3754",
        "url": "https://access.redhat.com/errata/RHSA-2018:3754"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/errata/RHBA-2018:0114",
        "url": "https://access.redhat.com/errata/RHBA-2018:0114"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1648138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3754.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.3 security update",
    "tracking": {
      "current_release_date": "2026-04-30T04:07:10+00:00",
      "generator": {
        "date": "2026-04-30T04:07:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2018:3754",
      "initial_release_date": "2018-12-03T17:29:26+00:00",
      "revision_history": [
        {
          "date": "2018-12-03T17:29:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-12-04T03:21:55+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T04:07:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.3",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.3",
                  "product_id": "7Server-RH7-RHOSE-3.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.3::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-atomic-openshift-node@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.3.1.46.45-1.git.0.2ce596e.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.3.1.46.45-1.git.0.2ce596e.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.3.1.46.45-1.git.0.2ce596e.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                "product": {
                  "name": "openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_id": "openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-filter-plugins@3.3.149-1.git.0.3859ddb.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                "product": {
                  "name": "openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_id": "openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-lookup-plugins@3.3.149-1.git.0.3859ddb.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.3.149-1.git.0.3859ddb.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.3.149-1.git.0.3859ddb.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_id": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.3.149-1.git.0.3859ddb.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                "product": {
                  "name": "openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_id": "openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-callback-plugins@3.3.149-1.git.0.3859ddb.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.3.149-1.git.0.3859ddb.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.3.149-1.git.0.3859ddb.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src",
                  "product_id": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.3.1.46.45-1.git.0.2ce596e.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src",
                  "product_id": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.3.149-1.git.0.3859ddb.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch"
        },
        "product_reference": "openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch"
        },
        "product_reference": "openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch"
        },
        "product_reference": "openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.3",
          "product_id": "7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        },
        "product_reference": "tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Kubernetes Product Security Team"
          ]
        },
        {
          "names": [
            "Darren Shepherd"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2018-1002105",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2018-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1648138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
          "7Server-RH7-RHOSE-3.3:atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch",
          "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch",
          "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src",
          "7Server-RH7-RHOSE-3.3:openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
          "7Server-RH7-RHOSE-3.3:openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch",
          "7Server-RH7-RHOSE-3.3:openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
          "7Server-RH7-RHOSE-3.3:openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
          "7Server-RH7-RHOSE-3.3:openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch",
          "7Server-RH7-RHOSE-3.3:openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch",
          "7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1648138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/3716411",
          "url": "https://access.redhat.com/security/vulnerabilities/3716411"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
          "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
        }
      ],
      "release_date": "2018-12-03T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-03T17:29:26+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3754"
        },
        {
          "category": "workaround",
          "details": "See the vulnerability article for mitigation procedures.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.src",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7.noarch",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64",
            "7Server-RH7-RHOSE-3.3:atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7.src",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7.noarch",
            "7Server-RH7-RHOSE-3.3:tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1002105 (GCVE-0-2018-1002105)

Tags

Sightings

Nomenclature