Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-36518 (GCVE-0-2020-36518)
Vulnerability from cvelistv5 – Published: 2022-03-11 00:00 – Updated: 2025-08-27 20:34
VLAI
EPSS
Summary
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2816"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-36518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T20:34:26.384595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:34:32.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/2816"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36518",
"datePublished": "2022-03-11T00:00:00.000Z",
"dateReserved": "2022-03-11T00:00:00.000Z",
"dateUpdated": "2025-08-27T20:34:32.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-36518",
"date": "2026-05-27",
"epss": "0.00474",
"percentile": "0.6495"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-36518\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-03-11T07:15:07.800\",\"lastModified\":\"2025-08-27T21:15:36.420\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.\"},{\"lang\":\"es\",\"value\":\"jackson-databind versiones anteriores a 2.13.0, permite una excepci\u00f3n Java StackOverflow y una denegaci\u00f3n de servicio por medio de una gran profundidad de objetos anidados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.6.1\",\"matchCriteriaId\":\"E4445932-0923-4D28-8911-CFC9B61DFE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.13.2.1\",\"matchCriteriaId\":\"862ED616-15D6-42A2-88DB-9D3F304EFB5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1\",\"matchCriteriaId\":\"384DEDD9-CB26-4306-99D8-83068A9B23ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA64A1D-34F9-4441-857A-25C165E6DBB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57DA1DD8-E9F1-43C6-BCA2-1E9C92B1664C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"869CDD22-4A6C-4665-AA37-E340B07EF81C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0.4.0\",\"versionEndIncluding\":\"12.0.0.6.0\",\"matchCriteriaId\":\"DCE2010E-A144-4ED2-B73D-1CA3800A8F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EDB6772-7FDB-45FF-8D72-952902A7EE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAAB7154-4DE8-4806-86D0-C1D33B84417B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A264E0DE-209D-49B1-8B26-51AB8BBC97F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6577F14-36B6-46A5-A1B1-FCCADA61A23B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F4637E5-3324-441D-94E9-C2DBE9A6B502\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4E817B5-A26B-4EA8-BA93-F87F42114FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74810125-09E6-4F27-B541-AFB61112AC56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.7\",\"versionEndIncluding\":\"8.1.0.0\",\"matchCriteriaId\":\"69F21EC6-EC2F-4E96-A9DE-621B84105304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC69CF0-6269-40F5-871B-16CFD5EC4C45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"172BECE8-9626-4910-AAA1-A2FA9C7139E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB82398-7281-47CF-81F9-A8A67D9C9DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.1.0\",\"versionEndIncluding\":\"8.1.2.1\",\"matchCriteriaId\":\"AD9AC3A6-9B91-4B55-A320-A40E95F21058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9319627-379D-4069-8AC9-512D411F22DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AC36036-07CE-4903-8FFB-445C6908F0CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F091C7-0869-4FD6-AC73-DA697D990304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D134C60-F9E2-46C2-8466-DB90AD98439E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.1.0\",\"versionEndIncluding\":\"8.1.2.1\",\"matchCriteriaId\":\"E6F77FFB-558E-4740-A63E-B702EE12EF68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C64D669C-513E-4C53-8BB8-13EB336CDC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4BDDBCD-4038-4BEC-91DB-587C2FBC6369\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6394E90-2F2C-4955-9F97-BFED76D4333B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"10BBAD37-51A1-4819-807B-2642E9D4A69C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.9.4.2.2\",\"matchCriteriaId\":\"EE85204F-614D-4EF1-ABEB-B3CD381C2CB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A6FFB5C-EB44-499F-BE81-24ED2B1F201A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.2.0.1.30\",\"matchCriteriaId\":\"8F0728F8-14D0-4282-9CA7-EFCD68EE77AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.2.0\",\"matchCriteriaId\":\"097A31AB-B77F-4DC5-9CD8-AC3A403607AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42F4D251-489F-41C8-BFA3-B51A1B69028D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.14\",\"matchCriteriaId\":\"F04DF183-EBCB-456E-90F9-A8500E6E32B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.13\",\"matchCriteriaId\":\"8D30B0D1-4466-4601-8822-CE8ADBB381FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0\",\"versionEndIncluding\":\"20.12.18\",\"matchCriteriaId\":\"17DE4709-5FFB-4E70-9416-553D89149D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.12.0\",\"versionEndIncluding\":\"21.12.1\",\"matchCriteriaId\":\"2982311E-B89A-4F9A-8BD2-44635DDDC10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0.0\",\"versionEndIncluding\":\"17.12.20.4\",\"matchCriteriaId\":\"050C3F61-FD74-4B62-BBC7-FFF05B22FB34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0.0\",\"versionEndIncluding\":\"18.8.25.4\",\"matchCriteriaId\":\"CD0A17FC-BFA9-4EA5-8D4F-1CEC5BC11AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.19.0\",\"matchCriteriaId\":\"5BC6277C-7C2F-49E1-8A68-4C726A087F74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0.0\",\"versionEndIncluding\":\"21.12.4.0\",\"matchCriteriaId\":\"C383F1DE-32E0-4E77-9C5F-2D91893F458E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"5AFBEE29-1972-40B1-ADD6-536D5C74D4EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"951EC479-1B04-49C9-8381-D849685E7517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B32D7B0-CAE2-4B31-94C4-6124356C12B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E39D5C-5EFA-4FEB-909E-0A92004F2563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06816711-7C49-47B9-A9D7-FB18CC3F42F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.1.0\",\"matchCriteriaId\":\"7E244A7B-EB39-4A84-BB01-EB09037A701F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5BBA303-8D2B-48C5-B52A-4E192166699C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B393A82-476A-4270-A903-38ED4169E431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4DAAD73-FE86-4934-AB1A-A60E840C6C1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCAA4004-9319-478C-9D55-0E8307F872F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"}]}]}],\"references\":[{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2816\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220506-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220506-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2816\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html\", \"name\": \"[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220506-0004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5283\", \"name\": \"DSA-5283\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\", \"name\": \"[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T17:30:08.127Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-36518\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-27T20:34:26.384595Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-27T20:34:12.663Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2816\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html\", \"name\": \"[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220506-0004/\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5283\", \"name\": \"DSA-5283\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\", \"name\": \"[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-11-27T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-36518\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-27T20:34:32.190Z\", \"dateReserved\": \"2022-03-11T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-03-11T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2022:6813
Vulnerability from csaf_redhat - Published: 2022-10-05 10:44 - Updated: 2026-05-14 22:32Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fix(es):
* chart.js: prototype pollution (CVE-2020-7746)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A prototype pollution flaw was found in the Node.js immer module. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.
7.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the EventSource NPM Package. The description from the source states the following message: "Exposure of Sensitive Information to an Unauthorized Actor." This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website.
9.3 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
An XML external entity injection(XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
6.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
110 references
Acknowledgments
Websec
Paulino Calderon
Amazon Corretto
Sergey Temnikov
Ziyi Luo
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6813",
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2041833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833"
},
{
"category": "external",
"summary": "2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "2047200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200"
},
{
"category": "external",
"summary": "2047343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
},
{
"category": "external",
"summary": "2050863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2076133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2096966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966"
},
{
"category": "external",
"summary": "2103584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2107994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6813.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update",
"tracking": {
"current_release_date": "2026-05-14T22:32:08+00:00",
"generator": {
"date": "2026-05-14T22:32:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:6813",
"initial_release_date": "2022-10-05T10:44:49+00:00",
"revision_history": [
{
"date": "2022-10-05T10:44:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-05T10:44:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.1 async",
"product": {
"name": "RHPAM 7.13.1 async",
"product_id": "RHPAM 7.13.1 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7746",
"discovery_date": "2020-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2096966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object\u0027s keys that are being set are not checked, possibly allowing a prototype pollution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chart.js: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7746"
},
{
"category": "external",
"summary": "RHBZ#2096966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7746",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chart.js: prototype pollution"
},
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-23436",
"discovery_date": "2021-10-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041833"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution flaw was found in the Node.js immer module. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23436"
},
{
"category": "external",
"summary": "RHBZ#2041833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436"
}
],
"release_date": "2021-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2022-0235",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2022-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044591"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-fetch: exposure of sensitive information to an unauthorized actor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0235"
},
{
"category": "external",
"summary": "RHBZ#2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
"url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-fetch: exposure of sensitive information to an unauthorized actor"
},
{
"cve": "CVE-2022-0722",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2103584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0722"
},
{
"category": "external",
"summary": "RHBZ#2103584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226",
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
],
"release_date": "2022-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url"
},
{
"cve": "CVE-2022-1365",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2076133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1365"
},
{
"category": "external",
"summary": "RHBZ#2076133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/",
"url": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/"
}
],
"release_date": "2022-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor"
},
{
"acknowledgments": [
{
"names": [
"Paulino Calderon"
],
"organization": "Websec"
}
],
"cve": "CVE-2022-1415",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-12-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2065505"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "drools: unsafe data deserialization in StreamUtils",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1415"
},
{
"category": "external",
"summary": "RHBZ#2065505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415"
}
],
"release_date": "2022-10-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "drools: unsafe data deserialization in StreamUtils"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-2458",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2022-07-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107994"
}
],
"notes": [
{
"category": "description",
"text": "An XML external entity injection(XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application\u0027s processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Business-central: Possible XML External Entity Injection attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2458"
},
{
"category": "external",
"summary": "RHBZ#2107994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2458"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458"
}
],
"release_date": "2022-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Business-central: Possible XML External Entity Injection attack"
},
{
"cve": "CVE-2022-21363",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2047343"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21363"
},
{
"category": "external",
"summary": "RHBZ#2047343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors"
},
{
"cve": "CVE-2022-21724",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"discovery_date": "2022-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050863"
}
],
"notes": [
{
"category": "description",
"text": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21724"
},
{
"category": "external",
"summary": "RHBZ#2050863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4",
"url": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes"
},
{
"acknowledgments": [
{
"names": [
"Sergey Temnikov",
"Ziyi Luo"
],
"organization": "Amazon Corretto",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-23437",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2047200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xerces-j2: infinite loop when handling specially crafted XML document payloads",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23437"
},
{
"category": "external",
"summary": "RHBZ#2047200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437"
}
],
"release_date": "2022-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xerces-j2: infinite loop when handling specially crafted XML document payloads"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24771",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestAlgorithm structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24771"
},
{
"category": "external",
"summary": "RHBZ#2067387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery"
},
{
"cve": "CVE-2022-24772",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2022-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the DigestInfo ASN.1 structure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24772"
},
{
"category": "external",
"summary": "RHBZ#2067458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
}
],
"release_date": "2022-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-26520",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2022-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064007"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql-jdbc: Arbitrary File Write Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat informs that although there\u0027s a difference from NVD CVSSv3 score there\u0027s a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it\u0027s needed. This require non-default configuration and also it\u0027s not expected to allow an untrusted user to perform this kind of setting.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26520"
},
{
"category": "external",
"summary": "RHBZ#2064007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql-jdbc: Arbitrary File Write Vulnerability"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T10:44:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
}
]
}
RHSA-2022:6819
Vulnerability from csaf_redhat - Published: 2022-10-05 14:30 - Updated: 2026-05-22 14:22Summary
Red Hat Security Advisory: Red Hat AMQ Streams 2.2.0 release and security update
Severity
Important
Notes
Topic: Red Hat AMQ Streams 2.2.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.2.0 serves as a replacement for Red Hat AMQ Streams 2.1.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* kafka: Unauthenticated clients may cause OutOfMemoryError on brokers (CVE-2022-34917)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.2.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.2.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.2.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Kafka that allows malicious unauthenticated clients to allocate large amounts of memory on brokers, which could lead to an Out Of Memory Exception, causing a denial of service. Various authentication methods were affected in different degrees. In Kafka clusters without authentication, any client able to connect to a broker could trigger the issue. In Kafka clusters with SASL authentication, any client able to connect to a broker without the need for valid SASL credentials could trigger the issue. Lastly, in Kafka clusters with TLS authentication, only clients able to successfully authenticate via TLS could trigger the issue.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.2.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 2.2.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.2.0 serves as a replacement for Red Hat AMQ Streams 2.1.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* kafka: Unauthenticated clients may cause OutOfMemoryError on brokers (CVE-2022-34917)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6819",
"url": "https://access.redhat.com/errata/RHSA-2022:6819"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.2.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.2.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.2",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.2"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "2130018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130018"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6819.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.2.0 release and security update",
"tracking": {
"current_release_date": "2026-05-22T14:22:59+00:00",
"generator": {
"date": "2026-05-22T14:22:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:6819",
"initial_release_date": "2022-10-05T14:30:17+00:00",
"revision_history": [
{
"date": "2022-10-05T14:30:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-05T14:30:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-22T14:22:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 2.2.0",
"product": {
"name": "Red Hat AMQ Streams 2.2.0",
"product_id": "Red Hat AMQ Streams 2.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T14:30:17+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2022-24823",
"cwe": {
"id": "CWE-379",
"name": "Creation of Temporary File in Directory with Insecure Permissions"
},
"discovery_date": "2022-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087186"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: world readable temporary file containing sensitive data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24823"
},
{
"category": "external",
"summary": "RHBZ#2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
}
],
"release_date": "2022-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T14:30:17+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6819"
},
{
"category": "workaround",
"details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.",
"product_ids": [
"Red Hat AMQ Streams 2.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: world readable temporary file containing sensitive data"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T14:30:17+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-34917",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2022-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2130018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka that allows malicious unauthenticated clients to allocate large amounts of memory on brokers, which could lead to an Out Of Memory Exception, causing a denial of service. Various authentication methods were affected in different degrees. In Kafka clusters without authentication, any client able to connect to a broker could trigger the issue. In Kafka clusters with SASL authentication, any client able to connect to a broker without the need for valid SASL credentials could trigger the issue. Lastly, in Kafka clusters with TLS authentication, only clients able to successfully authenticate via TLS could trigger the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kafka: Unauthenticated clients may cause OutOfMemoryError on brokers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34917"
},
{
"category": "external",
"summary": "RHBZ#2130018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917"
}
],
"release_date": "2022-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-05T14:30:17+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Kafka: Unauthenticated clients may cause OutOfMemoryError on brokers"
}
]
}
RHSA-2022:7409
Vulnerability from csaf_redhat - Published: 2022-11-03 14:54 - Updated: 2026-05-14 22:32Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
Severity
Moderate
Notes
Topic: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.
9.8 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
9.8 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
5.7 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.
CWE-1220 - Insufficient Granularity of Access ControlAffected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
6.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
60 references
Acknowledgments
NRMC team (Nasdaq)
Johan Nilsson
Schindler Elevator Ltd., Switzerland
Oliver Bieri
Red Hat
Marek Posolda
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7409",
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"category": "external",
"summary": "2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2115392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7409.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7",
"tracking": {
"current_release_date": "2026-05-14T22:32:48+00:00",
"generator": {
"date": "2026-05-14T22:32:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:7409",
"initial_release_date": "2022-11-03T14:54:26+00:00",
"revision_history": [
{
"date": "2022-11-03T14:54:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-03T14:54:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product": {
"name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"product": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el7sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src"
},
"product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"relates_to_product_reference": "7Server-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-42392",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Remote Code Execution in Console",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42392"
},
{
"category": "external",
"summary": "RHBZ#2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392"
},
{
"category": "external",
"summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6",
"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"
}
],
"release_date": "2022-01-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "h2: Remote Code Execution in Console"
},
{
"cve": "CVE-2021-42575",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2027195"
}
],
"notes": [
{
"category": "description",
"text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42575"
},
{
"category": "external",
"summary": "RHBZ#2027195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575"
}
],
"release_date": "2021-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution"
},
{
"cve": "CVE-2021-43797",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: control chars in header names may lead to HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43797"
},
{
"category": "external",
"summary": "RHBZ#2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: control chars in header names may lead to HTTP request smuggling"
},
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"acknowledgments": [
{
"names": [
"Johan Nilsson"
],
"organization": "NRMC team (Nasdaq)"
}
],
"cve": "CVE-2022-0225",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Stored XSS in groups dropdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0225"
},
{
"category": "external",
"summary": "RHBZ#2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m"
}
],
"release_date": "2022-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Stored XSS in groups dropdown"
},
{
"cve": "CVE-2022-0853",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060725"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jboss-client: memory leakage in remote client transaction",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0853"
},
{
"category": "external",
"summary": "RHBZ#2060725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853"
}
],
"release_date": "2022-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jboss-client: memory leakage in remote client transaction"
},
{
"acknowledgments": [
{
"names": [
"Oliver Bieri"
],
"organization": "Schindler Elevator Ltd., Switzerland"
}
],
"cve": "CVE-2022-0866",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060929"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0866"
},
{
"category": "external",
"summary": "RHBZ#2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
},
{
"category": "workaround",
"details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"acknowledgments": [
{
"names": [
"Marek Posolda"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-2668",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2115392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2668"
},
{
"category": "external",
"summary": "RHBZ#2115392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v"
}
],
"release_date": "2022-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
}
]
}
RHSA-2022:7410
Vulnerability from csaf_redhat - Published: 2022-11-03 14:54 - Updated: 2026-05-14 22:32Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
Severity
Moderate
Notes
Topic: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.
9.8 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
9.8 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
5.7 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.
CWE-1220 - Insufficient Granularity of Access ControlAffected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
6.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
60 references
Acknowledgments
NRMC team (Nasdaq)
Johan Nilsson
Schindler Elevator Ltd., Switzerland
Oliver Bieri
Red Hat
Marek Posolda
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7410",
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"category": "external",
"summary": "2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2115392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7410.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8",
"tracking": {
"current_release_date": "2026-05-14T22:32:51+00:00",
"generator": {
"date": "2026-05-14T22:32:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:7410",
"initial_release_date": "2022-11-03T14:54:28+00:00",
"revision_history": [
{
"date": "2022-11-03T14:54:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-03T14:54:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.6 for RHEL 8",
"product": {
"name": "Red Hat Single Sign-On 7.6 for RHEL 8",
"product_id": "8Base-RHSSO-7.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"product": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el8sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
"product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"relates_to_product_reference": "8Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
"product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src"
},
"product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"relates_to_product_reference": "8Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
"product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"relates_to_product_reference": "8Base-RHSSO-7.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-42392",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Remote Code Execution in Console",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42392"
},
{
"category": "external",
"summary": "RHBZ#2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392"
},
{
"category": "external",
"summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6",
"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"
}
],
"release_date": "2022-01-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "h2: Remote Code Execution in Console"
},
{
"cve": "CVE-2021-42575",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2027195"
}
],
"notes": [
{
"category": "description",
"text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42575"
},
{
"category": "external",
"summary": "RHBZ#2027195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575"
}
],
"release_date": "2021-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution"
},
{
"cve": "CVE-2021-43797",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: control chars in header names may lead to HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43797"
},
{
"category": "external",
"summary": "RHBZ#2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: control chars in header names may lead to HTTP request smuggling"
},
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"acknowledgments": [
{
"names": [
"Johan Nilsson"
],
"organization": "NRMC team (Nasdaq)"
}
],
"cve": "CVE-2022-0225",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Stored XSS in groups dropdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0225"
},
{
"category": "external",
"summary": "RHBZ#2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m"
}
],
"release_date": "2022-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Stored XSS in groups dropdown"
},
{
"cve": "CVE-2022-0853",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060725"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jboss-client: memory leakage in remote client transaction",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0853"
},
{
"category": "external",
"summary": "RHBZ#2060725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853"
}
],
"release_date": "2022-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jboss-client: memory leakage in remote client transaction"
},
{
"acknowledgments": [
{
"names": [
"Oliver Bieri"
],
"organization": "Schindler Elevator Ltd., Switzerland"
}
],
"cve": "CVE-2022-0866",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060929"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0866"
},
{
"category": "external",
"summary": "RHBZ#2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
},
{
"category": "workaround",
"details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"acknowledgments": [
{
"names": [
"Marek Posolda"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-2668",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2115392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2668"
},
{
"category": "external",
"summary": "RHBZ#2115392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v"
}
],
"release_date": "2022-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:54:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
}
]
}
RHSA-2022:7411
Vulnerability from csaf_redhat - Published: 2022-11-03 14:55 - Updated: 2026-05-14 22:32Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
Severity
Moderate
Notes
Topic: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.
9.8 (Critical)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
9.8 (Critical)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — | ||
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — | ||
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — | ||
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Threats
Impact
Moderate
A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.
6.5 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
5.7 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.
6.5 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.
CWE-1220 - Insufficient Granularity of Access ControlAffected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
6.4 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
61 references
Acknowledgments
NRMC team (Nasdaq)
Johan Nilsson
Schindler Elevator Ltd., Switzerland
Oliver Bieri
Red Hat
Marek Posolda
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7411",
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/11258",
"url": "https://access.redhat.com/articles/11258"
},
{
"category": "external",
"summary": "2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"category": "external",
"summary": "2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2115392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7411.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9",
"tracking": {
"current_release_date": "2026-05-14T22:32:53+00:00",
"generator": {
"date": "2026-05-14T22:32:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:7411",
"initial_release_date": "2022-11-03T14:55:02+00:00",
"revision_history": [
{
"date": "2022-11-03T14:55:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-03T14:55:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.6 for RHEL 9",
"product": {
"name": "Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"product": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-0:1-5.el9sso.src",
"product": {
"name": "rh-sso7-0:1-5.el9sso.src",
"product_id": "rh-sso7-0:1-5.el9sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"product": {
"name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el9sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"product": {
"name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"product_id": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-javapackages-filesystem@6.0.0-7.el9sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"product": {
"name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"product": {
"name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"product_id": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-python3-javapackages@6.0.0-7.el9sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-0:1-5.el9sso.x86_64",
"product": {
"name": "rh-sso7-0:1-5.el9sso.x86_64",
"product_id": "rh-sso7-0:1-5.el9sso.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-runtime-0:1-5.el9sso.x86_64",
"product": {
"name": "rh-sso7-runtime-0:1-5.el9sso.x86_64",
"product_id": "rh-sso7-runtime-0:1-5.el9sso.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-runtime@1-5.el9sso?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-0:1-5.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src"
},
"product_reference": "rh-sso7-0:1-5.el9sso.src",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64"
},
"product_reference": "rh-sso7-0:1-5.el9sso.x86_64",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch"
},
"product_reference": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch"
},
"product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src"
},
"product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src"
},
"product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch"
},
"product_reference": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-runtime-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
},
"product_reference": "rh-sso7-runtime-0:1-5.el9sso.x86_64",
"relates_to_product_reference": "9Base-RHSSO-7.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-42392",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Remote Code Execution in Console",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42392"
},
{
"category": "external",
"summary": "RHBZ#2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392"
},
{
"category": "external",
"summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6",
"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"
}
],
"release_date": "2022-01-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "h2: Remote Code Execution in Console"
},
{
"cve": "CVE-2021-42575",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2027195"
}
],
"notes": [
{
"category": "description",
"text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"known_not_affected": [
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42575"
},
{
"category": "external",
"summary": "RHBZ#2027195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575"
}
],
"release_date": "2021-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution"
},
{
"cve": "CVE-2021-43797",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: control chars in header names may lead to HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43797"
},
{
"category": "external",
"summary": "RHBZ#2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: control chars in header names may lead to HTTP request smuggling"
},
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"acknowledgments": [
{
"names": [
"Johan Nilsson"
],
"organization": "NRMC team (Nasdaq)"
}
],
"cve": "CVE-2022-0225",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Stored XSS in groups dropdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0225"
},
{
"category": "external",
"summary": "RHBZ#2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m"
}
],
"release_date": "2022-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Stored XSS in groups dropdown"
},
{
"cve": "CVE-2022-0853",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060725"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jboss-client: memory leakage in remote client transaction",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0853"
},
{
"category": "external",
"summary": "RHBZ#2060725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853"
}
],
"release_date": "2022-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jboss-client: memory leakage in remote client transaction"
},
{
"acknowledgments": [
{
"names": [
"Oliver Bieri"
],
"organization": "Schindler Elevator Ltd., Switzerland"
}
],
"cve": "CVE-2022-0866",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060929"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0866"
},
{
"category": "external",
"summary": "RHBZ#2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
},
{
"category": "workaround",
"details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"acknowledgments": [
{
"names": [
"Marek Posolda"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-2668",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2115392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2668"
},
{
"category": "external",
"summary": "RHBZ#2115392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v"
}
],
"release_date": "2022-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T14:55:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64",
"9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
}
]
}
RHSA-2022:7417
Vulnerability from csaf_redhat - Published: 2022-11-03 15:14 - Updated: 2026-05-14 22:32Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update
Severity
Moderate
Notes
Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
5.7 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.
CWE-1220 - Insufficient Granularity of Access ControlAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
6.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.6.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
61 references
Acknowledgments
NRMC team (Nasdaq)
Johan Nilsson
Schindler Elevator Ltd., Switzerland
Oliver Bieri
Red Hat
Marek Posolda
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7417",
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6"
},
{
"category": "external",
"summary": "2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"category": "external",
"summary": "2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2115392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update",
"tracking": {
"current_release_date": "2026-05-14T22:32:49+00:00",
"generator": {
"date": "2026-05-14T22:32:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:7417",
"initial_release_date": "2022-11-03T15:14:51+00:00",
"revision_history": [
{
"date": "2022-11-03T15:14:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-03T15:14:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.6.1",
"product": {
"name": "Red Hat Single Sign-On 7.6.1",
"product_id": "Red Hat Single Sign-On 7.6.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-42392",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Remote Code Execution in Console",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42392"
},
{
"category": "external",
"summary": "RHBZ#2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392"
},
{
"category": "external",
"summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6",
"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"
}
],
"release_date": "2022-01-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "h2: Remote Code Execution in Console"
},
{
"cve": "CVE-2021-42575",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2027195"
}
],
"notes": [
{
"category": "description",
"text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42575"
},
{
"category": "external",
"summary": "RHBZ#2027195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575"
}
],
"release_date": "2021-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution"
},
{
"cve": "CVE-2021-43797",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: control chars in header names may lead to HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43797"
},
{
"category": "external",
"summary": "RHBZ#2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: control chars in header names may lead to HTTP request smuggling"
},
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"acknowledgments": [
{
"names": [
"Johan Nilsson"
],
"organization": "NRMC team (Nasdaq)"
}
],
"cve": "CVE-2022-0225",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Stored XSS in groups dropdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0225"
},
{
"category": "external",
"summary": "RHBZ#2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m"
}
],
"release_date": "2022-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Stored XSS in groups dropdown"
},
{
"cve": "CVE-2022-0853",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060725"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jboss-client: memory leakage in remote client transaction",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0853"
},
{
"category": "external",
"summary": "RHBZ#2060725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853"
}
],
"release_date": "2022-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jboss-client: memory leakage in remote client transaction"
},
{
"acknowledgments": [
{
"names": [
"Oliver Bieri"
],
"organization": "Schindler Elevator Ltd., Switzerland"
}
],
"cve": "CVE-2022-0866",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060929"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0866"
},
{
"category": "external",
"summary": "RHBZ#2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
},
{
"category": "workaround",
"details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"acknowledgments": [
{
"names": [
"Marek Posolda"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-2668",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2115392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2668"
},
{
"category": "external",
"summary": "RHBZ#2115392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v"
}
],
"release_date": "2022-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.6.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-03T15:14:51+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.6.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.6.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
}
]
}
RHSA-2022:7435
Vulnerability from csaf_redhat - Published: 2022-11-16 12:13 - Updated: 2026-04-30 16:21Summary
Red Hat Security Advisory: Logging Subsystem 5.4.8 - Red Hat OpenShift security update
Severity
Moderate
Notes
Topic: An update is now available for Logging subsystem for Red Hat OpenShift 5.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Logging Subsystem 5.4.8 - Red Hat OpenShift
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64 | — |
Vendor Fix
fix
|
Known not affected
55 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64 | — |
Threats
Impact
Moderate
A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64 | — |
Vendor Fix
fix
|
Known not affected
55 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64 | — |
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64 | — |
Vendor Fix
fix
|
Known not affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64 | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64 | — |
Vendor Fix
fix
|
Known not affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64 | — |
Threats
Impact
Moderate
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Logging subsystem for Red Hat OpenShift 5.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Logging Subsystem 5.4.8 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7435",
"url": "https://access.redhat.com/errata/RHSA-2022:7435"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "LOG-3250",
"url": "https://issues.redhat.com/browse/LOG-3250"
},
{
"category": "external",
"summary": "LOG-3252",
"url": "https://issues.redhat.com/browse/LOG-3252"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7435.json"
}
],
"title": "Red Hat Security Advisory: Logging Subsystem 5.4.8 - Red Hat OpenShift security update",
"tracking": {
"current_release_date": "2026-04-30T16:21:27+00:00",
"generator": {
"date": "2026-04-30T16:21:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2022:7435",
"initial_release_date": "2022-11-16T12:13:01+00:00",
"revision_history": [
{
"date": "2022-11-16T12:13:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-16T12:13:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:21:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.4 for RHEL 8",
"product": {
"name": "RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.4::el8"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"product_id": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"product_id": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"product_id": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.4.8-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.4.8-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64",
"product_id": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.4.8-20"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"relates_to_product_reference": "8Base-RHOL-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64 as a component of RHOL 5.4 for RHEL 8",
"product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64",
"relates_to_product_reference": "8Base-RHOL-5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
],
"known_not_affected": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-16T12:13:01+00:00",
"details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7435"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2022-32149",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2022-10-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134010"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "After careful analysis of the vulnerability Redhat is choosing to keep the vulnerability severity as moderate,the vulnerability exists in the ParseAcceptLanguage function of the golang text/language package,when an attacker could craft an unusually large accept header and due to the parser taking quadratic time complexity to finish, firstly the attacker would have to find a way smuggle an input to the parser and even then this would simply not result in a crash of any kind but more of resource hang which while can be unpleasant,does not equate to any real world damage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64"
],
"known_not_affected": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32149"
},
{
"category": "external",
"summary": "RHBZ#2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149"
},
{
"category": "external",
"summary": "https://go.dev/issue/56152",
"url": "https://go.dev/issue/56152"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU",
"url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU"
}
],
"release_date": "2022-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-16T12:13:01+00:00",
"details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7435"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
],
"known_not_affected": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-16T12:13:01+00:00",
"details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7435"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
],
"known_not_affected": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-16T12:13:01+00:00",
"details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7435"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
"8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
"8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
"8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
"8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
"8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
"8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
"8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
"8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
"8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
"8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
"8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
}
]
}
RHSA-2022:8781
Vulnerability from csaf_redhat - Published: 2022-12-08 07:37 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update
Severity
Moderate
Notes
Topic: Logging Subsystem 5.5.5 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Logging Subsystem 5.5.5 - Red Hat OpenShift
Security Fixe(s):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* loader-utils: Regular expression denial of service (CVE-2022-37603)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Workaround
|
Threats
Impact
Low
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — |
Vendor Fix
fix
|
Known not affected
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — |
Vendor Fix
fix
|
Known not affected
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
References
68 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8781",
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "LOG-2860",
"url": "https://issues.redhat.com/browse/LOG-2860"
},
{
"category": "external",
"summary": "LOG-3131",
"url": "https://issues.redhat.com/browse/LOG-3131"
},
{
"category": "external",
"summary": "LOG-3222",
"url": "https://issues.redhat.com/browse/LOG-3222"
},
{
"category": "external",
"summary": "LOG-3226",
"url": "https://issues.redhat.com/browse/LOG-3226"
},
{
"category": "external",
"summary": "LOG-3284",
"url": "https://issues.redhat.com/browse/LOG-3284"
},
{
"category": "external",
"summary": "LOG-3287",
"url": "https://issues.redhat.com/browse/LOG-3287"
},
{
"category": "external",
"summary": "LOG-3301",
"url": "https://issues.redhat.com/browse/LOG-3301"
},
{
"category": "external",
"summary": "LOG-3305",
"url": "https://issues.redhat.com/browse/LOG-3305"
},
{
"category": "external",
"summary": "LOG-3310",
"url": "https://issues.redhat.com/browse/LOG-3310"
},
{
"category": "external",
"summary": "LOG-3332",
"url": "https://issues.redhat.com/browse/LOG-3332"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8781.json"
}
],
"title": "Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update",
"tracking": {
"current_release_date": "2026-05-27T08:35:20+00:00",
"generator": {
"date": "2026-05-27T08:35:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:8781",
"initial_release_date": "2022-12-08T07:37:32+00:00",
"revision_history": [
{
"date": "2022-12-08T07:37:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-08T07:37:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.5 for RHEL 8",
"product": {
"name": "RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.5::el8"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.5.5-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.5.5-14"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"product_id": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.5.5-19"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"product_id": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le",
"product_id": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"product_id": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-37603",
"cwe": {
"id": "CWE-185",
"name": "Incorrect Regular Expression"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140597"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37603"
},
{
"category": "external",
"summary": "RHBZ#2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: Regular expression denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
}
]
}
RHSA-2022:8889
Vulnerability from csaf_redhat - Published: 2022-12-08 17:25 - Updated: 2026-03-28 00:54Summary
Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update
Severity
Moderate
Notes
Topic: Openshift Logging Bug Fix Release (5.3.14)
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Openshift Logging Bug Fix Release (5.3.14)
Security Fixe(s):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x | — |
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x | — |
Threats
Impact
Moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Openshift Logging Bug Fix Release (5.3.14)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Openshift Logging Bug Fix Release (5.3.14)\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8889",
"url": "https://access.redhat.com/errata/RHSA-2022:8889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "LOG-3293",
"url": "https://issues.redhat.com/browse/LOG-3293"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8889.json"
}
],
"title": "Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update",
"tracking": {
"current_release_date": "2026-03-28T00:54:39+00:00",
"generator": {
"date": "2026-03-28T00:54:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2022:8889",
"initial_release_date": "2022-12-08T17:25:26+00:00",
"revision_history": [
{
"date": "2022-12-08T17:25:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-08T17:25:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-28T00:54:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Logging 5.3",
"product": {
"name": "OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.14-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.14-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-315"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-169"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-259"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-277"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-223"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-311"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.14-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.14-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-315"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-169"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-259"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-277"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-223"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-311"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.14-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.3.14-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.14-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.3.14-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-315"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-169"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-259"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-277"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-223"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-311"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64 as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x as a component of OpenShift Logging 5.3",
"product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T17:25:26+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T17:25:26+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T17:25:26+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le",
"8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
}
]
}
RHSA-2023:0264
Vulnerability from csaf_redhat - Published: 2023-01-19 11:03 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update
Severity
Moderate
Notes
Topic: An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Logging Subsystem 5.6.0 - Red Hat OpenShift
* logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)
* logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)
* logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
References
86 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Logging Subsystem 5.6.0 - Red Hat OpenShift\n\n* logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n* logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n* logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)\n* logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n* org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0264",
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2134876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "LOG-2217",
"url": "https://issues.redhat.com/browse/LOG-2217"
},
{
"category": "external",
"summary": "LOG-2620",
"url": "https://issues.redhat.com/browse/LOG-2620"
},
{
"category": "external",
"summary": "LOG-2819",
"url": "https://issues.redhat.com/browse/LOG-2819"
},
{
"category": "external",
"summary": "LOG-2822",
"url": "https://issues.redhat.com/browse/LOG-2822"
},
{
"category": "external",
"summary": "LOG-2843",
"url": "https://issues.redhat.com/browse/LOG-2843"
},
{
"category": "external",
"summary": "LOG-2919",
"url": "https://issues.redhat.com/browse/LOG-2919"
},
{
"category": "external",
"summary": "LOG-2962",
"url": "https://issues.redhat.com/browse/LOG-2962"
},
{
"category": "external",
"summary": "LOG-2993",
"url": "https://issues.redhat.com/browse/LOG-2993"
},
{
"category": "external",
"summary": "LOG-3072",
"url": "https://issues.redhat.com/browse/LOG-3072"
},
{
"category": "external",
"summary": "LOG-3090",
"url": "https://issues.redhat.com/browse/LOG-3090"
},
{
"category": "external",
"summary": "LOG-3157",
"url": "https://issues.redhat.com/browse/LOG-3157"
},
{
"category": "external",
"summary": "LOG-3161",
"url": "https://issues.redhat.com/browse/LOG-3161"
},
{
"category": "external",
"summary": "LOG-3168",
"url": "https://issues.redhat.com/browse/LOG-3168"
},
{
"category": "external",
"summary": "LOG-3169",
"url": "https://issues.redhat.com/browse/LOG-3169"
},
{
"category": "external",
"summary": "LOG-3180",
"url": "https://issues.redhat.com/browse/LOG-3180"
},
{
"category": "external",
"summary": "LOG-3186",
"url": "https://issues.redhat.com/browse/LOG-3186"
},
{
"category": "external",
"summary": "LOG-3194",
"url": "https://issues.redhat.com/browse/LOG-3194"
},
{
"category": "external",
"summary": "LOG-3195",
"url": "https://issues.redhat.com/browse/LOG-3195"
},
{
"category": "external",
"summary": "LOG-3208",
"url": "https://issues.redhat.com/browse/LOG-3208"
},
{
"category": "external",
"summary": "LOG-3224",
"url": "https://issues.redhat.com/browse/LOG-3224"
},
{
"category": "external",
"summary": "LOG-3235",
"url": "https://issues.redhat.com/browse/LOG-3235"
},
{
"category": "external",
"summary": "LOG-3286",
"url": "https://issues.redhat.com/browse/LOG-3286"
},
{
"category": "external",
"summary": "LOG-3292",
"url": "https://issues.redhat.com/browse/LOG-3292"
},
{
"category": "external",
"summary": "LOG-3296",
"url": "https://issues.redhat.com/browse/LOG-3296"
},
{
"category": "external",
"summary": "LOG-3309",
"url": "https://issues.redhat.com/browse/LOG-3309"
},
{
"category": "external",
"summary": "LOG-3324",
"url": "https://issues.redhat.com/browse/LOG-3324"
},
{
"category": "external",
"summary": "LOG-3331",
"url": "https://issues.redhat.com/browse/LOG-3331"
},
{
"category": "external",
"summary": "LOG-3446",
"url": "https://issues.redhat.com/browse/LOG-3446"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0264.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update",
"tracking": {
"current_release_date": "2026-05-27T08:35:25+00:00",
"generator": {
"date": "2026-05-27T08:35:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0264",
"initial_release_date": "2023-01-19T11:03:41+00:00",
"revision_history": [
{
"date": "2023-01-19T11:03:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-19T11:03:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.6 for RHEL 8",
"product": {
"name": "RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.6::el8"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product_id": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product_id": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.6.0-142"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.6.0-130"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product_id": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.6.0-172"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product_id": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"cve": "CVE-2022-37601",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-10-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134876"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: prototype pollution in function parseQuery in parseQuery.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Packages shipped in Red Hat Enterprise Linux use \u0027loader-utils\u0027 as a transitive dependency. Thus, reducing the impact to Moderate.\n\nIn Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37601"
},
{
"category": "external",
"summary": "RHBZ#2134876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601"
},
{
"category": "external",
"summary": "https://github.com/webpack/loader-utils/issues/212",
"url": "https://github.com/webpack/loader-utils/issues/212"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: prototype pollution in function parseQuery in parseQuery.js"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…